{ "info": { "added": 1524059324.698644, "started": 1524059325.275717, "duration": 138, "ended": 1524059463.969252, "owner": null, "score": 1.6, "id": 5, "category": "file", "git": { "head": "59d32361c1636b2b3802a1746f480a7768f6384f", "fetch_head": "59d32361c1636b2b3802a1746f480a7768f6384f" }, "monitor": "e19c4b4b529be2e90b3c5a3dfaad96f71c4fd54b", "package": "", "route": "none", "custom": null, "machine": { "status": "stopped", "name": "cuckoo1", "label": "cuckoo1", "manager": "VirtualBox", "started_on": "2018-04-18 13:48:45", "shutdown_on": "2018-04-18 13:51:02" }, "platform": null, "version": "2.0.5", "options": "" }, "signatures": [ { "markcount": 9, "families": [], "description": "Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)", "severity": 8, "marks": [ { "category": "dead_host", "ioc": "134.170.58.123:443", "type": "ioc", "description": null }, { "category": "dead_host", "ioc": "13.78.168.230:443", "type": "ioc", "description": null }, { "category": "dead_host", "ioc": "205.185.216.42:80", "type": "ioc", "description": null }, { "category": "dead_host", "ioc": "65.55.44.108:443", "type": "ioc", "description": null }, { "category": "dead_host", "ioc": "65.52.108.33:443", "type": "ioc", "description": null }, { "category": "dead_host", "ioc": "191.232.80.58:443", "type": "ioc", "description": null }, { "category": "dead_host", "ioc": "65.52.108.189:443", "type": "ioc", "description": null }, { "category": "dead_host", "ioc": "205.185.216.10:80", "type": "ioc", "description": null }, { "category": "dead_host", "ioc": "134.170.165.248:443", "type": "ioc", "description": null } ], "references": [], "name": "dead_host" } ], "target": { "category": "file", "file": { "yara": [], "sha1": "a8fc96c901579cb29ee64f06e724fbc598dbfab3", "name": "Notepad.exe", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "e328b2406d8784e54e77ccc7dbe8e3731891a703e6c21cf7e2f924fa8a42ea5c", "urls": [], "crc32": "0BE7841C", "path": "/home/jbrahm/.cuckoo/storage/binaries/e328b2406d8784e54e77ccc7dbe8e3731891a703e6c21cf7e2f924fa8a42ea5c", "ssdeep": null, "size": 66048, "sha512": "b9ebea8c230d413eccca4fc957478f76a0249c16988fdc53fa7fb8b260b5661dcfecfd8ec4962efd861f23837804503a946cb1a050847082af26faaf9fa104a6", "md5": "562a3b03546536307ac47fcb0ceadcde" } }, "network": { "tls": [], "udp": [ { "src": "192.168.56.101", "dst": "192.168.56.255", "offset": 2650, "time": 3.485116958618164, "dport": 137, "sport": 137 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 8090, "time": 1.4335269927978516, "dport": 5355, "sport": 56724 }, { "src": "192.168.56.101", "dst": "224.0.0.252", "offset": 8454, "time": 3.4109809398651123, "dport": 5355, "sport": 59023 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 10362, "time": 48.1520049571991, "dport": 53, "sport": 49746 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 10677, "time": 20.792885065078735, "dport": 53, "sport": 50178 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 11007, "time": 0.26206111907958984, "dport": 53, "sport": 50333 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 11304, "time": 3.012995958328247, "dport": 53, "sport": 51025 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 11628, "time": 16.027190923690796, "dport": 53, "sport": 51955 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 11910, "time": 48.089025020599365, "dport": 53, "sport": 52404 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 12207, "time": 1.877842903137207, "dport": 53, "sport": 52689 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 12534, "time": 22.058840036392212, "dport": 53, "sport": 52963 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 12861, "time": 112.66792893409729, "dport": 53, "sport": 53063 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 13179, "time": 41.855194091796875, "dport": 53, "sport": 53529 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 13485, "time": 4.815475940704346, "dport": 53, "sport": 53905 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 13767, "time": 96.16809797286987, "dport": 53, "sport": 54484 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 14067, "time": 37.0275559425354, "dport": 53, "sport": 54878 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 14397, "time": 11.69948410987854, "dport": 53, "sport": 54919 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 14673, "time": 49.278204917907715, "dport": 53, "sport": 55174 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 14994, "time": 22.887078046798706, "dport": 53, "sport": 56206 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 15270, "time": 74.29232597351074, "dport": 53, "sport": 57412 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 15597, "time": 117.9335548877716, "dport": 53, "sport": 57622 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 15801, "time": 11.496190071105957, "dport": 53, "sport": 57985 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 16077, "time": 24.13690996170044, "dport": 53, "sport": 59538 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 16407, "time": 11.699134111404419, "dport": 53, "sport": 59920 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 16713, "time": 93.08967089653015, "dport": 53, "sport": 60834 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 17010, "time": 0.4341399669647217, "dport": 53, "sport": 61289 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 17316, "time": 93.68348002433777, "dport": 53, "sport": 61435 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 17631, "time": 12.953443050384521, "dport": 53, "sport": 62538 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 17961, "time": 4.512808084487915, "dport": 53, "sport": 62725 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 18255, "time": 104.85514211654663, "dport": 53, "sport": 63428 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 18570, "time": 5.0272510051727295, "dport": 53, "sport": 64140 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 18840, "time": 96.27739691734314, "dport": 53, "sport": 64644 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 19167, "time": 121.47994494438171, "dport": 53, "sport": 64835 }, { "src": "192.168.56.101", "dst": "8.8.4.4", "offset": 19385, "time": 62.246278047561646, "dport": 53, "sport": 65071 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 19712, "time": 47.99617791175842, "dport": 53, "sport": 49746 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 20132, "time": 20.638426065444946, "dport": 53, "sport": 50178 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 20572, "time": 0.11060690879821777, "dport": 53, "sport": 50333 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 20968, "time": 2.8442959785461426, "dport": 53, "sport": 51025 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 21400, "time": 15.85879898071289, "dport": 53, "sport": 51955 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 21776, "time": 47.935662031173706, "dport": 53, "sport": 52404 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 22172, "time": 1.7287609577178955, "dport": 53, "sport": 52689 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 22608, "time": 21.912446975708008, "dport": 53, "sport": 52963 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 23044, "time": 112.520751953125, "dport": 53, "sport": 53063 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 23468, "time": 41.700592041015625, "dport": 53, "sport": 53529 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 23876, "time": 4.657516956329346, "dport": 53, "sport": 53905 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 24252, "time": 96.01544094085693, "dport": 53, "sport": 54484 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 24652, "time": 36.87276792526245, "dport": 53, "sport": 54878 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 25092, "time": 11.516632080078125, "dport": 53, "sport": 54919 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 25460, "time": 49.130929946899414, "dport": 53, "sport": 55174 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 25888, "time": 22.734236001968384, "dport": 53, "sport": 56206 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 26256, "time": 74.13039803504944, "dport": 53, "sport": 57412 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 26692, "time": 117.77912092208862, "dport": 53, "sport": 57622 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 26998, "time": 11.34033203125, "dport": 53, "sport": 57985 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 27366, "time": 23.982048988342285, "dport": 53, "sport": 59538 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 27806, "time": 11.516869068145752, "dport": 53, "sport": 59920 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 28214, "time": 92.93827795982361, "dport": 53, "sport": 60834 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 28610, "time": 0.2868690490722656, "dport": 53, "sport": 61289 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 29018, "time": 93.52821588516235, "dport": 53, "sport": 61435 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 29438, "time": 12.793766021728516, "dport": 53, "sport": 62538 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 29878, "time": 4.344862937927246, "dport": 53, "sport": 62725 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 30270, "time": 104.70173597335815, "dport": 53, "sport": 63428 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 30690, "time": 4.875518083572388, "dport": 53, "sport": 64140 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 31050, "time": 96.12423992156982, "dport": 53, "sport": 64644 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 31486, "time": 121.31742405891418, "dport": 53, "sport": 64835 }, { "src": "192.168.56.101", "dst": "8.8.8.8", "offset": 31813, "time": 62.09603309631348, "dport": 53, "sport": 65071 } ], "dns_servers": [ "8.8.4.4", "8.8.8.8" ], "http": [], "icmp": [], "smtp": [], "tcp": [], "smtp_ex": [], "mitm": [], "hosts": [ "13.107.4.50", "13.78.168.230", "134.170.165.248", "134.170.58.123", "191.232.80.58", "205.185.216.10", "205.185.216.42", "65.52.108.189", "65.52.108.201", "65.52.108.33", "65.55.44.108", "8.8.4.4", "8.8.8.8" ], "pcap_sha256": "fd72e17b35ae9df3a65766988451261ca9fe8b59d3ecaa35c419a32d7003411c", "dns": [ { "type": "A", "request": "client.wns.windows.com", "answers": [] }, { "type": "A", "request": "9.tlu.dl.delivery.mp.microsoft.com", "answers": [] }, { "type": "A", "request": "dns.msftncsi.com", "answers": [] }, { "type": "A", "request": "geo-prod.do.dsp.mp.microsoft.com", "answers": [] }, { "type": "A", "request": "win1710.ipv6.microsoft.com", "answers": [] }, { "type": "A", "request": "settings-win.data.microsoft.com", "answers": [] }, { "type": "A", "request": "au.download.windowsupdate.com", "answers": [] }, { "type": "A", "request": "www.msftconnecttest.com", "answers": [] }, { "type": "A", "request": "kv801-prod.do.dsp.mp.microsoft.com", "answers": [] }, { "type": "A", "request": "wdcp.microsoft.com", "answers": [] }, { "type": "A", "request": "v10.vortex-win.data.microsoft.com", "answers": [] }, { "type": "A", "request": "watson.telemetry.microsoft.com", "answers": [] }, { "type": "A", "request": "login.live.com", "answers": [] }, { "type": "A", "request": "sls.update.microsoft.com", "answers": [] } ], "http_ex": [], "domains": [ { "ip": "67.24.185.254", "domain": "au.download.windowsupdate.com" }, { "ip": "205.185.216.42", "domain": "9.tlu.dl.delivery.mp.microsoft.com" }, { "ip": "13.107.4.52", "domain": "www.msftconnecttest.com" }, { "ip": "40.79.66.209", "domain": "geo-prod.do.dsp.mp.microsoft.com" }, { "ip": "13.91.94.12", "domain": "wdcp.microsoft.com" }, { "ip": "64.4.54.254", "domain": "v10.vortex-win.data.microsoft.com" }, { "ip": "13.78.235.126", "domain": "watson.telemetry.microsoft.com" }, { "ip": "65.55.158.118", "domain": "win1710.ipv6.microsoft.com" }, { "ip": "13.68.93.109", "domain": "sls.update.microsoft.com" }, { "ip": "131.107.255.255", "domain": "dns.msftncsi.com" }, { "ip": "64.4.54.253", "domain": "settings-win.data.microsoft.com" }, { "ip": "184.29.153.69", "domain": "kv801-prod.do.dsp.mp.microsoft.com" }, { "ip": "131.253.61.100", "domain": "login.live.com" } ], "dead_hosts": [ [ "134.170.58.123", 443 ], [ "13.78.168.230", 443 ], [ "205.185.216.42", 80 ], [ "13.107.4.50", 80 ], [ "65.55.44.108", 443 ], [ "65.52.108.33", 443 ], [ "191.232.80.58", 443 ], [ "65.52.108.189", 443 ], [ "205.185.216.10", 80 ], [ "134.170.165.248", 443 ] ], "sorted_pcap_sha256": "b2288aa4c8c260653e88b7b4d5f1ff310d3ad4493b9afed0683250d784d49dba", "irc": [], "https_ex": [] }, "static": { "pdb_path": null, "pe_imports": [ { "imports": [ { "name": "PageSetupDlgW", "address": "0x10012a0" }, { "name": "FindTextW", "address": "0x10012a4" }, { "name": "PrintDlgExW", "address": "0x10012a8" }, { "name": "ChooseFontW", "address": "0x10012ac" }, { "name": "GetSaveFileNameW", "address": "0x10012b0" }, { "name": "GetOpenFileNameW", "address": "0x10012b4" }, { "name": "ReplaceTextW", "address": "0x10012b8" }, { "name": "GetFileTitleW", "address": "0x10012bc" }, { "name": "CommDlgExtendedError", "address": "0x10012c0" } ], "dll": "comdlg32.dll" }, { "imports": [ { "name": "DragFinish", "address": "0x1001154" }, { "name": "DragQueryFileW", "address": "0x1001158" }, { "name": "DragAcceptFiles", "address": "0x100115c" }, { "name": "ShellAboutW", "address": "0x1001160" } ], "dll": "SHELL32.dll" }, { "imports": [ { "name": "GetPrinterDriverW", "address": "0x1001290" }, { "name": "ClosePrinter", "address": "0x1001294" }, { "name": "OpenPrinterW", "address": "0x1001298" } ], "dll": "WINSPOOL.DRV" }, { "imports": [ { "name": "CreateStatusWindowW", "address": "0x1001020" } ], "dll": "COMCTL32.dll" }, { "imports": [ { "name": "_cexit", "address": "0x10012c8" }, { "name": "_XcptFilter", "address": "0x10012cc" }, { "name": "_exit", "address": "0x10012d0" }, { "name": "_c_exit", "address": "0x10012d4" }, { "name": "time", "address": "0x10012d8" }, { "name": "exit", "address": "0x10012dc" }, { "name": "wcsncpy", "address": "0x10012e0" }, { "name": "iswctype", "address": "0x10012e4" }, { "name": "_wtol", "address": "0x10012e8" }, { "name": "wcsncmp", "address": "0x10012ec" }, { "name": "_snwprintf", "address": "0x10012f0" }, { "name": "_acmdln", "address": "0x10012f4" }, { "name": "__getmainargs", "address": "0x10012f8" }, { "name": "_initterm", "address": "0x10012fc" }, { "name": "__setusermatherr", "address": "0x1001300" }, { "name": "_adjust_fdiv", "address": "0x1001304" }, { "name": "__p__commode", "address": "0x1001308" }, { "name": "__p__fmode", "address": "0x100130c" }, { "name": "__set_app_type", "address": "0x1001310" }, { "name": "_except_handler3", "address": "0x1001314" }, { "name": "_controlfp", "address": "0x1001318" }, { "name": "localtime", "address": "0x100131c" } ], "dll": "msvcrt.dll" }, { "imports": [ { "name": "RegQueryValueExW", "address": "0x1001000" }, { "name": "RegCloseKey", "address": "0x1001004" }, { "name": "RegCreateKeyW", "address": "0x1001008" }, { "name": "IsTextUnicode", "address": "0x100100c" }, { "name": "RegQueryValueExA", "address": "0x1001010" }, { "name": "RegOpenKeyExA", "address": "0x1001014" }, { "name": "RegSetValueExW", "address": "0x1001018" } ], "dll": "ADVAPI32.dll" }, { "imports": [ { "name": "GlobalUnlock", "address": "0x100108c" }, { "name": "GetFileInformationByHandle", "address": "0x1001090" }, { "name": "CreateFileMappingW", "address": "0x1001094" }, { "name": "MapViewOfFile", "address": "0x1001098" }, { "name": "MultiByteToWideChar", "address": "0x100109c" }, { "name": "UnmapViewOfFile", "address": "0x10010a0" }, { "name": "GetACP", "address": "0x10010a4" }, { "name": "DeleteFileW", "address": "0x10010a8" }, { "name": "SetEndOfFile", "address": "0x10010ac" }, { "name": "GetUserDefaultLangID", "address": "0x10010b0" }, { "name": "FormatMessageW", "address": "0x10010b4" }, { "name": "GlobalLock", "address": "0x10010b8" }, { "name": "GetTimeFormatW", "address": "0x10010bc" }, { "name": "GetDateFormatW", "address": "0x10010c0" }, { "name": "GetUserDefaultLCID", "address": "0x10010c4" }, { "name": "GetLocalTime", "address": "0x10010c8" }, { "name": "LoadLibraryA", "address": "0x10010cc" }, { "name": "GetStartupInfoA", "address": "0x10010d0" }, { "name": "GlobalFree", "address": "0x10010d4" }, { "name": "GetLocaleInfoW", "address": "0x10010d8" }, { "name": "lstrcatW", "address": "0x10010dc" }, { "name": "FindClose", "address": "0x10010e0" }, { "name": "FindFirstFileW", "address": "0x10010e4" }, { "name": "GetFileAttributesW", "address": "0x10010e8" }, { "name": "lstrcpyW", "address": "0x10010ec" }, { "name": "lstrcmpW", "address": "0x10010f0" }, { "name": "LocalFree", "address": "0x10010f4" }, { "name": "LocalAlloc", "address": "0x10010f8" }, { "name": "lstrlenW", "address": "0x10010fc" }, { "name": "LocalUnlock", "address": "0x1001100" }, { "name": "CompareStringW", "address": "0x1001104" }, { "name": "LocalLock", "address": "0x1001108" }, { "name": "FoldStringW", "address": "0x100110c" }, { "name": "CloseHandle", "address": "0x1001110" }, { "name": "ReadFile", "address": "0x1001114" }, { "name": "CreateFileW", "address": "0x1001118" }, { "name": "lstrcmpiW", "address": "0x100111c" }, { "name": "GetCurrentProcessId", "address": "0x1001120" }, { "name": "GetProcAddress", "address": "0x1001124" }, { "name": "GetCommandLineW", "address": "0x1001128" }, { "name": "MulDiv", "address": "0x100112c" }, { "name": "lstrcpynW", "address": "0x1001130" }, { "name": "LocalSize", "address": "0x1001134" }, { "name": "GetLastError", "address": "0x1001138" }, { "name": "WriteFile", "address": "0x100113c" }, { "name": "SetLastError", "address": "0x1001140" }, { "name": "WideCharToMultiByte", "address": "0x1001144" }, { "name": "LocalReAlloc", "address": "0x1001148" }, { "name": "GetModuleHandleA", "address": "0x100114c" } ], "dll": "KERNEL32.dll" }, { "imports": [ { "name": "EndPage", "address": "0x1001028" }, { "name": "AbortDoc", "address": "0x100102c" }, { "name": "EndDoc", "address": "0x1001030" }, { "name": "DeleteDC", "address": "0x1001034" }, { "name": "StartPage", "address": "0x1001038" }, { "name": "GetTextExtentPoint32W", "address": "0x100103c" }, { "name": "CreateDCW", "address": "0x1001040" }, { "name": "SetAbortProc", "address": "0x1001044" }, { "name": "GetTextFaceW", "address": "0x1001048" }, { "name": "TextOutW", "address": "0x100104c" }, { "name": "StartDocW", "address": "0x1001050" }, { "name": "EnumFontsW", "address": "0x1001054" }, { "name": "GetStockObject", "address": "0x1001058" }, { "name": "GetObjectW", "address": "0x100105c" }, { "name": "GetDeviceCaps", "address": "0x1001060" }, { "name": "CreateFontIndirectW", "address": "0x1001064" }, { "name": "DeleteObject", "address": "0x1001068" }, { "name": "GetTextMetricsW", "address": "0x100106c" }, { "name": "SetBkMode", "address": "0x1001070" }, { "name": "LPtoDP", "address": "0x1001074" }, { "name": "SetWindowExtEx", "address": "0x1001078" }, { "name": "SetViewportExtEx", "address": "0x100107c" }, { "name": "SetMapMode", "address": "0x1001080" }, { "name": "SelectObject", "address": "0x1001084" } ], "dll": "GDI32.dll" }, { "imports": [ { "name": "ReleaseDC", "address": "0x1001168" }, { "name": "GetDC", "address": "0x100116c" }, { "name": "DialogBoxParamW", "address": "0x1001170" }, { "name": "SetActiveWindow", "address": "0x1001174" }, { "name": "GetKeyboardLayout", "address": "0x1001178" }, { "name": "DefWindowProcW", "address": "0x100117c" }, { "name": "DestroyWindow", "address": "0x1001180" }, { "name": "MessageBeep", "address": "0x1001184" }, { "name": "PostQuitMessage", "address": "0x1001188" }, { "name": "GetForegroundWindow", "address": "0x100118c" }, { "name": "IsIconic", "address": "0x1001190" }, { "name": "SetCursor", "address": "0x1001194" }, { "name": "GetWindowPlacement", "address": "0x1001198" }, { "name": "CharUpperW", "address": "0x100119c" }, { "name": "LoadStringW", "address": "0x10011a0" }, { "name": "SetWindowLongW", "address": "0x10011a4" }, { "name": "LoadAcceleratorsW", "address": "0x10011a8" }, { "name": "GetSystemMenu", "address": "0x10011ac" }, { "name": "RegisterClassExW", "address": "0x10011b0" }, { "name": "LoadImageW", "address": "0x10011b4" }, { "name": "LoadCursorW", "address": "0x10011b8" }, { "name": "SetWindowPlacement", "address": "0x10011bc" }, { "name": "CreateWindowExW", "address": "0x10011c0" }, { "name": "RegisterWindowMessageW", "address": "0x10011c4" }, { "name": "GetClientRect", "address": "0x10011c8" }, { "name": "ShowWindow", "address": "0x10011cc" }, { "name": "GetDesktopWindow", "address": "0x10011d0" }, { "name": "GetFocus", "address": "0x10011d4" }, { "name": "UpdateWindow", "address": "0x10011d8" }, { "name": "SetScrollPos", "address": "0x10011dc" }, { "name": "CharLowerW", "address": "0x10011e0" }, { "name": "GetWindowLongW", "address": "0x10011e4" }, { "name": "PeekMessageW", "address": "0x10011e8" }, { "name": "EnableWindow", "address": "0x10011ec" }, { "name": "DrawTextExW", "address": "0x10011f0" }, { "name": "CreateDialogParamW", "address": "0x10011f4" }, { "name": "GetWindowTextW", "address": "0x10011f8" }, { "name": "LoadIconW", "address": "0x10011fc" }, { "name": "MoveWindow", "address": "0x1001200" }, { "name": "InvalidateRect", "address": "0x1001204" }, { "name": "WinHelpW", "address": "0x1001208" }, { "name": "GetDlgCtrlID", "address": "0x100120c" }, { "name": "ChildWindowFromPoint", "address": "0x1001210" }, { "name": "ScreenToClient", "address": "0x1001214" }, { "name": "GetCursorPos", "address": "0x1001218" }, { "name": "SendDlgItemMessageW", "address": "0x100121c" }, { "name": "SendMessageW", "address": "0x1001220" }, { "name": "CharNextW", "address": "0x1001224" }, { "name": "SetWindowTextW", "address": "0x1001228" }, { "name": "CheckMenuItem", "address": "0x100122c" }, { "name": "CloseClipboard", "address": "0x1001230" }, { "name": "IsClipboardFormatAvailable", "address": "0x1001234" }, { "name": "OpenClipboard", "address": "0x1001238" }, { "name": "GetMenuState", "address": "0x100123c" }, { "name": "EnableMenuItem", "address": "0x1001240" }, { "name": "GetSubMenu", "address": "0x1001244" }, { "name": "GetMenu", "address": "0x1001248" }, { "name": "MessageBoxW", "address": "0x100124c" }, { "name": "SetFocus", "address": "0x1001250" }, { "name": "SetDlgItemTextW", "address": "0x1001254" }, { "name": "wsprintfW", "address": "0x1001258" }, { "name": "GetDlgItemTextW", "address": "0x100125c" }, { "name": "EndDialog", "address": "0x1001260" }, { "name": "GetParent", "address": "0x1001264" }, { "name": "UnhookWinEvent", "address": "0x1001268" }, { "name": "DispatchMessageW", "address": "0x100126c" }, { "name": "TranslateMessage", "address": "0x1001270" }, { "name": "TranslateAcceleratorW", "address": "0x1001274" }, { "name": "IsDialogMessageW", "address": "0x1001278" }, { "name": "PostMessageW", "address": "0x100127c" }, { "name": "GetMessageW", "address": "0x1001280" }, { "name": "SetWinEventHook", "address": "0x1001284" }, { "name": "GetSystemMetrics", "address": "0x1001288" } ], "dll": "USER32.dll" } ], "peid_signatures": null, "keys": [], "signature": [], "pe_timestamp": "2001-08-17 14:52:29", "pe_exports": [], "imported_dll_count": 9, "pe_imphash": "589127764b99b6ce54a13cb37f6e4979", "pe_resources": [ { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_ICON", "language": "LANG_ENGLISH", "filetype": "GLS_BINARY_LSB_FIRST", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010590", "size": "0x00000468" }, { "name": "RT_MENU", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010a80", "size": "0x00000342" }, { "name": "RT_DIALOG", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00011490", "size": "0x000000de" }, { "name": "RT_DIALOG", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00011490", "size": "0x000000de" }, { "name": "RT_DIALOG", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00011490", "size": "0x000000de" }, { "name": "RT_DIALOG", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00011490", "size": "0x000000de" }, { "name": "RT_STRING", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00012908", "size": "0x0000003a" }, { "name": "RT_STRING", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00012908", "size": "0x0000003a" }, { "name": "RT_STRING", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00012908", "size": "0x0000003a" }, { "name": "RT_STRING", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00012908", "size": "0x0000003a" }, { "name": "RT_ACCELERATOR", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010e50", "size": "0x000000a8" }, { "name": "RT_ACCELERATOR", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00010e50", "size": "0x000000a8" }, { "name": "RT_GROUP_ICON", "language": "LANG_ENGLISH", "filetype": "MS Windows icon resource - 9 icons, 48x48, 16 colors", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x000109f8", "size": "0x00000084" }, { "name": "RT_VERSION", "language": "LANG_ENGLISH", "filetype": "data", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x00011570", "size": "0x0000035c" }, { "name": "RT_MANIFEST", "language": "LANG_ENGLISH", "filetype": "XML 1.0 document, ASCII text, with CRLF line terminators", "sublanguage": "SUBLANG_ENGLISH_US", "offset": "0x0000a570", "size": "0x0000029e" } ], "pe_versioninfo": [ { "name": "LegalCopyright", "value": "\\xa9 Microsoft Corporation. All rights reserved." }, { "name": "InternalName", "value": "Notepad" }, { "name": "FileVersion", "value": "5.1.2600.0 (xpclient.010817-1148)" }, { "name": "CompanyName", "value": "Microsoft Corporation" }, { "name": "ProductName", "value": "Microsoft\\xae Windows\\xae Operating System" }, { "name": "ProductVersion", "value": "5.1.2600.0" }, { "name": "FileDescription", "value": "Notepad" }, { "name": "OriginalFilename", "value": "NOTEPAD.EXE" }, { "name": "Translation", "value": "0x0409 0x04b0" } ], "pe_sections": [ { "size_of_data": "0x00006e00", "virtual_address": "0x00001000", "entropy": 6.283709646624966, "name": ".text", "virtual_size": "0x00006d72" }, { "size_of_data": "0x00000600", "virtual_address": "0x00008000", "entropy": 1.3979567633635497, "name": ".data", "virtual_size": "0x00001ba8" }, { "size_of_data": "0x00008a00", "virtual_address": "0x0000a000", "entropy": 5.406875156412738, "name": ".rsrc", "virtual_size": "0x00008948" } ] }, "behavior": { "generic": [ { "process_path": "C:\\Users\\User\\AppData\\Local\\Temp\\Notepad.exe", "process_name": "Notepad.exe", "pid": 5676, "summary": { "file_opened": [ "C:\\Windows\\System32\\oleaut32.dll", "C:\\Windows\\System32\\dwmapi.dll", "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls", "C:\\Windows\\System32\\TextInputFramework.dll", "C:\\Windows\\System32\\msctf.dll", "C:\\Windows\\System32\\CoreUIComponents.dll", "C:\\Windows\\System32\\WinTypes.dll", "C:\\Windows\\System32\\CoreMessaging.dll", "C:\\Windows\\System32\\ntmarta.dll", "C:\\Windows\\System32\\uxtheme.dll" ], "mutex": [ "Local\\SM0:5676:168:WilStaging_02", "Local\\SM0:5676:64:WilError_01" ], "regkey_read": [ "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginLeft", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfFaceName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfItalic", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfOutPrecision", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\StatusBar", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\IdleTimerWindow", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfOrientation", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime", "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfUnderline", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfClipPrecision", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfWeight", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfStrikeOut", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en", "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfCharSet", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfPitchAndFamily", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosDY", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iPointSize", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fWrap", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginTop", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\szHeader", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginRight", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfQuality", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosDX", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\szTrailer", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfEscapement", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000602xx", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fSaveWindowPositions", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosX", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosY", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginBottom", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fMLE_is_broken" ], "dll_loaded": [ "ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll", "rpcrt4.dll", "api-ms-win-core-com-l1-1-0.dll", "C:\\Windows\\System32\\MSCTF.dll", "kernel32.dll", "OLEAUT32.DLL", "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll", "comctl32", "comctl32.dll" ], "file_failed": [ "C:\\Windows\\System32\\uxtheme.dll.Config" ] }, "first_seen": 1520333398.908644, "ppid": 5568 } ], "apistats": { "5676": { "NtDuplicateObject": 5, "NtOpenSection": 18, "RegCloseKey": 1, "DrawTextExW": 22, "GetSystemInfo": 2, "NtCreateKey": 1, "NtQueryValueKey": 20, "GetForegroundWindow": 2, "RegQueryValueExW": 27, "NtMapViewOfSection": 16, "GetSystemMetrics": 681, "NtAllocateVirtualMemory": 19, "LdrGetDllHandle": 51, "NtQuerySystemInformation": 4, "NtOpenFile": 16, "NtUnmapViewOfSection": 1, "LoadStringW": 90, "NtCreateFile": 1, "GetSystemTimeAsFileTime": 1, "NtQueryAttributesFile": 9, "NtCreateMutant": 3, "NtProtectVirtualMemory": 112, "NtCreateSection": 7, "NtOpenKey": 16, "NtOpenMutant": 2, "NtEnumerateKey": 1, "NtOpenDirectoryObject": 1, "NtOpenKeyEx": 11, "LdrLoadDll": 10, "UuidCreate": 3, "NtQueryInformationFile": 1, "NtClose": 70 } }, "processes": [ { "process_path": "C:\\Users\\User\\AppData\\Local\\Temp\\Notepad.exe", "calls": [ { "category": "misc", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741515, "api": "GetSystemMetrics", "return_value": 0, "arguments": { "index": 41 }, "time": 1520333398.987644, "tid": 2044, "flags": { "index": "SM_PENWINDOWS" } }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 73, "arguments": { "module_handle": "0x01000000", "id": 1, "string": "Cannot open the %% file.\n\nMake sure a disk is in the drive you specified." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 59, "arguments": { "module_handle": "0x01000000", "id": 2, "string": "Cannot find the %% file.\n\nDo you want to create a new file?" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 70, "arguments": { "module_handle": "0x01000000", "id": 3, "string": "The text in the %% file has changed.\n\nDo you want to save the changes?" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 8, "arguments": { "module_handle": "0x01000000", "id": 4, "string": "Untitled" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 135, "arguments": { "module_handle": "0x01000000", "id": 7, "string": "Not enough memory available to complete this operation. Quit one or more applications to increase available memory, and then try again." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 16, "arguments": { "module_handle": "0x01000000", "id": 6, "string": "Cannot find \"%%\"" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 10, "arguments": { "module_handle": "0x01000000", "id": 5, "string": " - Notepad" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 75, "arguments": { "module_handle": "0x01000000", "id": 8, "string": "The %% file is too large for Notepad.\n\nUse another editor to edit the file." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 9, "string": "Notepad" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 69, "arguments": { "module_handle": "0x01000000", "id": 10, "string": "Failed to Initialize File Dialogs. Change the Filename and try again." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 158, "arguments": { "module_handle": "0x01000000", "id": 11, "string": "Failed to Initialize Print Dialogs. Make sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 146, "arguments": { "module_handle": "0x01000000", "id": 12, "string": "Cannot print the %% file. Be sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 22, "arguments": { "module_handle": "0x01000000", "id": 13, "string": "Not a valid file name." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 77, "arguments": { "module_handle": "0x01000000", "id": 14, "string": "Cannot create the %% file.\n\nMake sure that the path and filename are correct." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 82, "arguments": { "module_handle": "0x01000000", "id": 15, "string": "Cannot carry out the Word Wrap command because there is too much text in the file." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 2, "arguments": { "module_handle": "0x01000000", "id": 16, "string": "%%" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 11, "arguments": { "module_handle": "0x01000000", "id": 17, "string": "notepad.hlp" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 22, "arguments": { "module_handle": "0x01000000", "id": 20, "string": "Text Documents (*.txt)" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 10, "arguments": { "module_handle": "0x01000000", "id": 21, "string": "All Files " }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 4, "arguments": { "module_handle": "0x01000000", "id": 22, "string": "Open" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 23, "string": "Save As" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 154, "arguments": { "module_handle": "0x01000000", "id": 24, "string": "You cannot quit Windows because the Save As dialog\nbox in Notepad is open. Switch to Notepad, close this\ndialog box, and then try quitting Windows again." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 148, "arguments": { "module_handle": "0x01000000", "id": 25, "string": "Cannot access your printer.\nBe sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 117, "arguments": { "module_handle": "0x01000000", "id": 26, "string": "%%\nYou do not have permission to open this file. See the owner of the file or an administrator to obtain permission." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 261, "arguments": { "module_handle": "0x01000000", "id": 27, "string": "%%\n This file contains characters in Unicode format which will be lost if you save this file as an ANSI encoded text file. To keep the Unicode information, click Cancel below and then select one of the Unicode options from the Encoding drop down list. Continue?" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 28, "arguments": { "module_handle": "0x01000000", "id": 29, "string": "Common Dialog error (0x%04x)" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 66, "arguments": { "module_handle": "0x01000000", "id": 28, "string": "Page too small to print one line.\nTry printing using smaller font." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 19, "arguments": { "module_handle": "0x01000000", "id": 30, "string": "Notepad - Goto Line" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 24, "arguments": { "module_handle": "0x01000000", "id": 31, "string": "Line number out of range" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 4, "arguments": { "module_handle": "0x01000000", "id": 32, "string": "ANSI" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 33, "string": "Unicode" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 18, "arguments": { "module_handle": "0x01000000", "id": 34, "string": "Unicode big endian" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 5, "arguments": { "module_handle": "0x01000000", "id": 35, "string": "UTF-8" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 36, "string": "Page %d" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 2, "arguments": { "module_handle": "0x01000000", "id": 18, "string": "&f" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 19, "string": "Page &p" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 18, "arguments": { "module_handle": "0x01000000", "id": 37, "string": " Ln %d, Col %d " }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 12, "arguments": { "module_handle": "0x01000000", "id": 38, "string": " Compressed," }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 11, "arguments": { "module_handle": "0x01000000", "id": 39, "string": " Encrypted," }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 8, "arguments": { "module_handle": "0x01000000", "id": 40, "string": " Hidden," }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 9, "arguments": { "module_handle": "0x01000000", "id": 41, "string": " Offline," }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 10, "arguments": { "module_handle": "0x01000000", "id": 42, "string": " ReadOnly," }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 8, "arguments": { "module_handle": "0x01000000", "id": 43, "string": " System," }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 5, "arguments": { "module_handle": "0x01000000", "id": 44, "string": " File" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 14, "arguments": { "module_handle": "0x01000000", "id": 45, "string": "fFpPtTdDcCrRlL" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 73, "arguments": { "module_handle": "0x01000000", "id": 1, "string": "Cannot open the %% file.\n\nMake sure a disk is in the drive you specified." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 59, "arguments": { "module_handle": "0x01000000", "id": 2, "string": "Cannot find the %% file.\n\nDo you want to create a new file?" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 70, "arguments": { "module_handle": "0x01000000", "id": 3, "string": "The text in the %% file has changed.\n\nDo you want to save the changes?" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 8, "arguments": { "module_handle": "0x01000000", "id": 4, "string": "Untitled" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 135, "arguments": { "module_handle": "0x01000000", "id": 7, "string": "Not enough memory available to complete this operation. Quit one or more applications to increase available memory, and then try again." }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 16, "arguments": { "module_handle": "0x01000000", "id": 6, "string": "Cannot find \"%%\"" }, "time": 1520333398.987644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 10, "arguments": { "module_handle": "0x01000000", "id": 5, "string": " - Notepad" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 75, "arguments": { "module_handle": "0x01000000", "id": 8, "string": "The %% file is too large for Notepad.\n\nUse another editor to edit the file." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 9, "string": "Notepad" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 69, "arguments": { "module_handle": "0x01000000", "id": 10, "string": "Failed to Initialize File Dialogs. Change the Filename and try again." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 158, "arguments": { "module_handle": "0x01000000", "id": 11, "string": "Failed to Initialize Print Dialogs. Make sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 146, "arguments": { "module_handle": "0x01000000", "id": 12, "string": "Cannot print the %% file. Be sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 22, "arguments": { "module_handle": "0x01000000", "id": 13, "string": "Not a valid file name." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 77, "arguments": { "module_handle": "0x01000000", "id": 14, "string": "Cannot create the %% file.\n\nMake sure that the path and filename are correct." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 82, "arguments": { "module_handle": "0x01000000", "id": 15, "string": "Cannot carry out the Word Wrap command because there is too much text in the file." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 2, "arguments": { "module_handle": "0x01000000", "id": 16, "string": "%%" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 11, "arguments": { "module_handle": "0x01000000", "id": 17, "string": "notepad.hlp" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 22, "arguments": { "module_handle": "0x01000000", "id": 20, "string": "Text Documents (*.txt)" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 10, "arguments": { "module_handle": "0x01000000", "id": 21, "string": "All Files " }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 4, "arguments": { "module_handle": "0x01000000", "id": 22, "string": "Open" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 23, "string": "Save As" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 154, "arguments": { "module_handle": "0x01000000", "id": 24, "string": "You cannot quit Windows because the Save As dialog\nbox in Notepad is open. Switch to Notepad, close this\ndialog box, and then try quitting Windows again." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 148, "arguments": { "module_handle": "0x01000000", "id": 25, "string": "Cannot access your printer.\nBe sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 117, "arguments": { "module_handle": "0x01000000", "id": 26, "string": "%%\nYou do not have permission to open this file. See the owner of the file or an administrator to obtain permission." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 261, "arguments": { "module_handle": "0x01000000", "id": 27, "string": "%%\n This file contains characters in Unicode format which will be lost if you save this file as an ANSI encoded text file. To keep the Unicode information, click Cancel below and then select one of the Unicode options from the Encoding drop down list. Continue?" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 28, "arguments": { "module_handle": "0x01000000", "id": 29, "string": "Common Dialog error (0x%04x)" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 66, "arguments": { "module_handle": "0x01000000", "id": 28, "string": "Page too small to print one line.\nTry printing using smaller font." }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 19, "arguments": { "module_handle": "0x01000000", "id": 30, "string": "Notepad - Goto Line" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 24, "arguments": { "module_handle": "0x01000000", "id": 31, "string": "Line number out of range" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 4, "arguments": { "module_handle": "0x01000000", "id": 32, "string": "ANSI" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 33, "string": "Unicode" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 18, "arguments": { "module_handle": "0x01000000", "id": 34, "string": "Unicode big endian" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 5, "arguments": { "module_handle": "0x01000000", "id": 35, "string": "UTF-8" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 36, "string": "Page %d" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 2, "arguments": { "module_handle": "0x01000000", "id": 18, "string": "&f" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 7, "arguments": { "module_handle": "0x01000000", "id": 19, "string": "Page &p" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 18, "arguments": { "module_handle": "0x01000000", "id": 37, "string": " Ln %d, Col %d " }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 12, "arguments": { "module_handle": "0x01000000", "id": 38, "string": " Compressed," }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 11, "arguments": { "module_handle": "0x01000000", "id": 39, "string": " Encrypted," }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 8, "arguments": { "module_handle": "0x01000000", "id": 40, "string": " Hidden," }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 9, "arguments": { "module_handle": "0x01000000", "id": 41, "string": " Offline," }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 10, "arguments": { "module_handle": "0x01000000", "id": 42, "string": " ReadOnly," }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 8, "arguments": { "module_handle": "0x01000000", "id": 43, "string": " System," }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 5, "arguments": { "module_handle": "0x01000000", "id": 44, "string": " File" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "LoadStringW", "return_value": 14, "arguments": { "module_handle": "0x01000000", "id": 45, "string": "fFpPtTdDcCrRlL" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "misc", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741515, "api": "GetSystemMetrics", "return_value": 0, "arguments": { "index": 41 }, "time": 1520333399.002644, "tid": 2044, "flags": { "index": "SM_PENWINDOWS" } }, { "category": "misc", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741515, "api": "GetSystemMetrics", "return_value": 0, "arguments": { "index": 41 }, "time": 1520333399.002644, "tid": 2044, "flags": { "index": "SM_PENWINDOWS" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x00000244", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale" }, "time": 1520333399.002644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741515, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x00000244", "key_name": "", "value": "", "reg_type": 0, "information_class": 1, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValueFullInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000244" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x00000244", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale" }, "time": 1520333399.002644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741515, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x00000244", "key_name": "", "value": "", "reg_type": 0, "information_class": 1, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValueFullInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000244" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x00000244", "desired_access": "0x02000000", "regkey": "HKEY_CURRENT_USER" }, "time": 1520333399.002644, "tid": 2044, "flags": { "desired_access": "MAXIMUM_ALLOWED" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtCreateKey", "return_value": 0, "arguments": { "index": 0, "key_handle": "0x00000248", "desired_access": "0x02000000", "class": "", "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad", "disposition": 1, "options": 0 }, "time": 1520333399.002644, "tid": 2044, "flags": { "desired_access": "MAXIMUM_ALLOWED" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfEscapement", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfEscapement" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfOrientation", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfOrientation" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfWeight", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfWeight" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfItalic", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfItalic" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfUnderline", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfUnderline" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfStrikeOut", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfStrikeOut" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfCharSet", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfCharSet" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfOutPrecision", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfOutPrecision" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfClipPrecision", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfClipPrecision" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfQuality", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfQuality" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfPitchAndFamily", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfPitchAndFamily" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "lfFaceName", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfFaceName" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iPointSize", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iPointSize" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "fWrap", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fWrap" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "StatusBar", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\StatusBar" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "fSaveWindowPositions", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fSaveWindowPositions" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "szHeader", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\szHeader" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "szTrailer", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\szTrailer" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iMarginTop", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginTop" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iMarginBottom", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginBottom" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iMarginLeft", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginLeft" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iMarginRight", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginRight" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iWindowPosY", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosY" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iWindowPosX", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosX" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iWindowPosDX", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosDX" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "iWindowPosDY", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosDY" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "RegQueryValueExW", "return_value": 2, "arguments": { "key_handle": "0x00000248", "value": "", "regkey_r": "fMLE_is_broken", "reg_type": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fMLE_is_broken" }, "time": 1520333399.002644, "tid": 2044, "flags": { "reg_type": "REG_NONE" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "RegCloseKey", "return_value": 0, "arguments": { "key_handle": "0x00000248" }, "time": 1520333399.002644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x00000248", "section_name": "MSCTF.dll", "desired_access": "0x0000000f" }, "time": 1520333399.002644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x00000248", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 8388608, "section_offset": 0, "view_size": 1327104, "base_address": "0x76e40000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x76f34000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x76f30000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x0000024c", "section_name": "OLEAUT32.dll", "desired_access": "0x0000000f" }, "time": 1520333399.002644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000024c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 8388608, "section_offset": 0, "view_size": 602112, "base_address": "0x73e80000" }, "time": 1520333399.002644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f0a000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f07000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000024c" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000248" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f07000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x76f30000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D8.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000248", "filepath": "C:\\Windows\\System32\\oleaut32.dll", "desired_access": "0x00020000", "filepath_r": "\\??\\C:\\Windows\\System32\\OLEAUT32.dll", "open_options": 0, "status_info": 1, "share_access": 5 }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "", "status_info": "FILE_OPENED", "open_options": "", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000248" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D8.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000248", "filepath": "C:\\Windows\\System32\\msctf.dll", "desired_access": "0x00020000", "filepath_r": "\\??\\C:\\Windows\\System32\\MSCTF.dll", "open_options": 0, "status_info": 1, "share_access": 5 }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "", "status_info": "FILE_OPENED", "open_options": "", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000248" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "api-ms-win-core-synch-l1-2-0.dll", "stack_pivoted": 0, "module_address": "0x74fa0000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 126, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "ext-ms-win-ole32-oleautomation-l1-1-0.dll", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 203, "nt_status": -1073741568, "api": "NtOpenKeyEx", "return_value": 3221225524, "arguments": { "key_handle": "0x00000000", "desired_access": "0x00000001", "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT", "options": 0 }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "api-ms-win-core-synch-l1-2-0.dll", "stack_pivoted": 0, "module_address": "0x74fa0000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x7709d000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x7709d000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000024c" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000250" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x7709d000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x7709d000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x00000250", "section_name": "\\Sessions\\1\\Windows\\ThemeSection", "desired_access": "0x00000004" }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x00000250", "process_identifier": 5676, "commit_size": 0, "win32_protect": 2, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 0, "section_offset": 0, "view_size": 4096, "base_address": "0x00750000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "win32_protect": "PAGE_READONLY", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x0000024c", "section_name": "\\Windows\\Theme497693624", "desired_access": "0x00000004" }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x00000254", "section_name": "\\Sessions\\1\\Windows\\Theme2049163234", "desired_access": "0x00000004" }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000250" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000024c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 2, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 0, "section_offset": 0, "view_size": 733184, "base_address": "0x00c90000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "win32_protect": "PAGE_READONLY", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x00000254", "process_identifier": 5676, "commit_size": 0, "win32_protect": 2, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 0, "section_offset": 0, "view_size": 16384, "base_address": "0x00750000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "win32_protect": "PAGE_READONLY", "allocation_type": "" } }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "dwmapi.dll", "desired_access": "0x0000000f" }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\system32\\dwmapi.dll", "filepath": "C:\\Windows\\System32\\dwmapi.dll" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000250", "filepath": "C:\\Windows\\System32\\dwmapi.dll", "desired_access": "0x00100021", "filepath_r": "\\??\\C:\\Windows\\system32\\dwmapi.dll", "open_options": 96, "status_info": 1, "share_access": 5 }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "FILE_READ_DATA|FILE_EXECUTE|FILE_LIST_DIRECTORY|FILE_TRAVERSE", "status_info": "FILE_OPENED", "open_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtCreateSection", "return_value": 0, "arguments": { "section_handle": "0x00000258", "object_handle": "0x00000000", "desired_access": "0x0000000f", "protection": 16, "section_name": "", "file_handle": "0x00000250" }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x00000258", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 8388608, "section_offset": 0, "view_size": 143360, "base_address": "0x72570000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x7258b000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x72589000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000258" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000250" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x72589000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D8.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000250", "filepath": "C:\\Windows\\System32\\dwmapi.dll", "desired_access": "0x00020000", "filepath_r": "\\??\\C:\\Windows\\system32\\dwmapi.dll", "open_options": 0, "status_info": 1, "share_access": 5 }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "", "status_info": "FILE_OPENED", "open_options": "", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000250" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "api-ms-win-core-synch-l1-2-0.dll", "stack_pivoted": 0, "module_address": "0x74fa0000" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x72562000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x72562000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 4096, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00b81000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 8192, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00b82000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 8192, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00b84000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x0000025c", "desired_access": "0x00000009", "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager" }, "time": 1520333399.018644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x0000025c", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies" }, "time": 1520333399.018644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000025c" }, "time": 1520333399.018644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 16384, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 8192, "base_address": "0x00b10000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_RESERVE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 4096, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00b10000" }, "time": 1520333399.018644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&File" }, "time": 1520333399.033644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&Edit" }, "time": 1520333399.033644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "F&ormat" }, "time": 1520333399.033644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&View" }, "time": 1520333399.033644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&Help" }, "time": 1520333399.033644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "comctl32", "module_address": "0x72180000", "flags": 0, "module_name": "comctl32.dll", "stack_pivoted": 0 }, "time": 1520333399.033644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtQueryValueKey", "return_value": 0, "arguments": { "key_handle": "0x000000d0", "key_name": "000602xx", "value": "kernel32.dll", "reg_type": 1, "information_class": 1, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000602xx" }, "time": 1520333399.033644, "tid": 2044, "flags": { "reg_type": "REG_SZ", "information_class": "KeyValueFullInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "kernel32", "module_address": "0x76b20000", "flags": 0, "module_name": "kernel32.dll", "stack_pivoted": 0 }, "time": 1520333399.033644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtCreateFile", "return_value": 0, "arguments": { "create_disposition": 1, "file_handle": "0x00000270", "filepath": "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls", "desired_access": "0x80100080", "file_attributes": 128, "filepath_r": "\\??\\C:\\Windows\\Globalization\\Sorting\\sortdefault.nls", "create_options": 96, "status_info": 1, "share_access": 1 }, "time": 1520333399.049644, "tid": 2044, "flags": { "create_disposition": "FILE_OPEN", "desired_access": "FILE_READ_ATTRIBUTES|SYNCHRONIZE", "create_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "file_attributes": "FILE_ATTRIBUTE_NORMAL", "status_info": "FILE_OPENED", "share_access": "FILE_SHARE_READ" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtCreateSection", "return_value": 0, "arguments": { "section_handle": "0x00000274", "object_handle": "0x00000000", "desired_access": "0x000f0005", "protection": 2, "section_name": "", "file_handle": "0x00000270" }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "STANDARD_RIGHTS_REQUIRED|DELETE|READ_CONTROL|WRITE_DAC|WRITE_OWNER" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x00000274", "process_identifier": 5676, "commit_size": 0, "win32_protect": 2, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 0, "section_offset": 0, "view_size": 3371008, "base_address": "0x058f0000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "win32_protect": "PAGE_READONLY", "allocation_type": "" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000274" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000270" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x00000270", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids" }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x00000270", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US" }, "time": 1520333399.049644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x00000270", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en" }, "time": 1520333399.049644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 524288, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 8192, "base_address": "0x00d50000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_RESERVE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 4096, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00d50000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x72330000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x72330000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 4096, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00b86000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x72330000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x72330000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x73f3e000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtOpenKey", "return_value": 3221225524, "arguments": { "key_handle": "0x00000000", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\SideBySide" }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "file", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtOpenFile", "return_value": 3221225524, "arguments": { "file_handle": "0x00000000", "filepath": "C:\\Windows\\System32\\uxtheme.dll.Config", "desired_access": "0x001200a9", "filepath_r": "\\??\\C:\\Windows\\system32\\uxtheme.dll.Config", "open_options": 96, "status_info": 4294967295, "share_access": 5 }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "FILE_READ_DATA|FILE_READ_ATTRIBUTES|FILE_READ_EA|FILE_EXECUTE|FILE_LIST_DIRECTORY|FILE_TRAVERSE", "status_info": "", "open_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000274", "filepath": "C:\\Windows\\System32\\uxtheme.dll", "desired_access": "0x00120089", "filepath_r": "\\??\\C:\\Windows\\system32\\uxtheme.dll", "open_options": 96, "status_info": 1, "share_access": 5 }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "FILE_READ_DATA|FILE_READ_ATTRIBUTES|FILE_READ_EA|FILE_LIST_DIRECTORY", "status_info": "FILE_OPENED", "open_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryInformationFile", "return_value": 0, "arguments": { "file_handle": "0x00000274", "information_class": 4 }, "time": 1520333399.049644, "tid": 2044, "flags": { "information_class": "FileBasicInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000274" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "comctl32", "module_address": "0x72180000", "flags": 0, "module_name": "comctl32", "stack_pivoted": 0 }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtUnmapViewOfSection", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 8192, "process_handle": "0xffffffff", "base_address": "0x00b20000" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000274" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "misc", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "GetSystemMetrics", "return_value": 0, "arguments": { "index": 4096 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_REMOTESESSION" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x72330000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x72330000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "ntdll.dll", "stack_pivoted": 0, "module_address": "0x77180000" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "synchronisation", "status": 1, "stacktrace": [], "api": "NtCreateMutant", "return_value": 1073741824, "arguments": { "initial_owner": 0, "desired_access": "0x001f0001", "mutant_name": "Local\\SM0:5676:168:WilStaging_02", "mutant_handle": "0x00000274" }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "STANDARD_RIGHTS_ALL|STANDARD_RIGHTS_REQUIRED|DELETE|READ_CONTROL|WRITE_DAC|WRITE_OWNER|SYNCHRONIZE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000278" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000274" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "synchronisation", "status": 1, "stacktrace": [], "api": "NtCreateMutant", "return_value": 0, "arguments": { "initial_owner": 0, "desired_access": "0x001f0001", "mutant_name": "Local\\SM0:5676:64:WilError_01", "mutant_handle": "0x00000274" }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "STANDARD_RIGHTS_ALL|STANDARD_RIGHTS_REQUIRED|DELETE|READ_CONTROL|WRITE_DAC|WRITE_OWNER|SYNCHRONIZE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x0000027c", "section_name": "windows_shell_global_counters", "desired_access": "0x00000006" }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000027c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 0, "section_offset": 0, "view_size": 4096, "base_address": "0x00b20000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKeyEx", "return_value": 0, "arguments": { "key_handle": "0x00000280", "desired_access": "0x00000001", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "options": 0 }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x00000280", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations" }, "time": 1520333399.049644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000280" }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtOpenKeyEx", "return_value": 3221225524, "arguments": { "key_handle": "0x00000000", "desired_access": "0x00000001", "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "options": 0 }, "time": 1520333399.049644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 5 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CXBORDER" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 6 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CYBORDER" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "comctl32", "module_address": "0x72180000", "flags": 0, "module_name": "comctl32.dll", "stack_pivoted": 0 }, "time": 1520333399.049644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 12288, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x005ff000" }, "time": 1520333399.049644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 5 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CXBORDER" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 5 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CXBORDER" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 6 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CYBORDER" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 6 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CYBORDER" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 5 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CXBORDER" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 5 }, "time": 1520333399.049644, "tid": 2044, "flags": { "index": "SM_CXBORDER" } }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&File" }, "time": 1520333399.065644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&Edit" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "F&ormat" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&View" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&Help" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "GetForegroundWindow", "return_value": 459738, "arguments": {}, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "GetForegroundWindow", "return_value": 459738, "arguments": {}, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000284" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000288" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtOpenKeyEx", "return_value": 3221225524, "arguments": { "key_handle": "0x00000000", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\Notepad.exe", "options": 0 }, "time": 1520333399.080644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "C:\\Windows\\system32\\rpcss.dll", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtQuerySystemInformation", "return_value": 0, "arguments": { "information_class": 0 }, "time": 1520333399.080644, "tid": 2044, "flags": { "information_class": "SystemBasicInformation" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x76760000" }, "time": 1520333399.080644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x76760000" }, "time": 1520333399.080644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "UuidCreate", "return_value": 0, "arguments": { "uuid": "{991cf611-ba27-45d0-aaf3-351f4f8325ea}" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "misc", "status": 1, "stacktrace": [], "api": "UuidCreate", "return_value": 0, "arguments": { "uuid": "{c8ed72fc-4170-4e1f-9c7d-58c280e3892f}" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x76760000" }, "time": 1520333399.080644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x76760000" }, "time": 1520333399.080644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x7709d000" }, "time": 1520333399.080644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x7709d000" }, "time": 1520333399.080644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000028c" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000290" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000290" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000028c" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000028c" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000290" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "synchronisation", "status": 1, "stacktrace": [], "api": "NtOpenMutant", "return_value": 0, "arguments": { "desired_access": "0x00100000", "mutant_name": "Local\\MSCTF.Asm.MutexDefault1", "mutant_handle": "0x00000290" }, "time": 1520333399.080644, "tid": 2044, "flags": { "desired_access": "SYNCHRONIZE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x0000028c", "section_name": "Local\\CTF.AsmListCache.FMPDefault1", "desired_access": "0x00000004" }, "time": 1520333399.080644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000028c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 2, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 0, "section_offset": 0, "view_size": 4096, "base_address": "0x00b30000" }, "time": 1520333399.080644, "tid": 2044, "flags": { "win32_protect": "PAGE_READONLY", "allocation_type": "" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000028c" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtOpenKeyEx", "return_value": 3221225524, "arguments": { "key_handle": "0x00000000", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\Notepad.exe", "options": 0 }, "time": 1520333399.080644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "misc", "status": 0, "stacktrace": [], "last_error": 2, "nt_status": -1073741772, "api": "GetSystemMetrics", "return_value": 0, "arguments": { "index": 8192 }, "time": 1520333399.080644, "tid": 2044, "flags": { "index": "SM_SHUTTINGDOWN" } }, { "category": "synchronisation", "status": 0, "stacktrace": [], "last_error": 2, "nt_status": -1073741772, "api": "NtOpenMutant", "return_value": 3221225524, "arguments": { "desired_access": "0x00100000", "mutant_name": "CicLoadWinStaWinSta0", "mutant_handle": "0x00000000" }, "time": 1520333399.080644, "tid": 2044, "flags": { "desired_access": "SYNCHRONIZE" } }, { "category": "misc", "status": 0, "stacktrace": [], "last_error": 2, "nt_status": -1073741772, "api": "GetSystemMetrics", "return_value": 0, "arguments": { "index": 67 }, "time": 1520333399.080644, "tid": 2044, "flags": { "index": "SM_CLEANBOOT" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000028c" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "ntdll.dll", "stack_pivoted": 0, "module_address": "0x77180000" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "synchronisation", "status": 1, "stacktrace": [], "api": "NtCreateMutant", "return_value": 1073741824, "arguments": { "initial_owner": 0, "desired_access": "0x001f0001", "mutant_name": "Local\\SM0:5676:168:WilStaging_02", "mutant_handle": "0x00000294" }, "time": 1520333399.080644, "tid": 2044, "flags": { "desired_access": "STANDARD_RIGHTS_ALL|STANDARD_RIGHTS_REQUIRED|DELETE|READ_CONTROL|WRITE_DAC|WRITE_OWNER|SYNCHRONIZE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000294" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "TextInputFramework.dll", "desired_access": "0x0000000f" }, "time": 1520333399.080644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\System32\\TextInputFramework.dll", "filepath": "C:\\Windows\\System32\\TextInputFramework.dll" }, "time": 1520333399.080644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\TextInputFramework.dll", "desired_access": "0x00100021", "filepath_r": "\\??\\C:\\Windows\\System32\\TextInputFramework.dll", "open_options": 96, "status_info": 1, "share_access": 5 }, "time": 1520333399.096644, "tid": 2044, "flags": { "desired_access": "FILE_READ_DATA|FILE_EXECUTE|FILE_LIST_DIRECTORY|FILE_TRAVERSE", "status_info": "FILE_OPENED", "open_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtCreateSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "object_handle": "0x00000000", "desired_access": "0x0000000f", "protection": 16, "section_name": "", "file_handle": "0x00000298" }, "time": 1520333399.096644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 8388608, "section_offset": 0, "view_size": 487424, "base_address": "0x6e310000" }, "time": 1520333399.096644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e380000" }, "time": 1520333399.096644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.096644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.096644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e37e000" }, "time": 1520333399.096644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 65536, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x0060d000" }, "time": 1520333399.096644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "CoreUIComponents.dll", "desired_access": "0x0000000f" }, "time": 1520333399.096644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "CoreMessaging.dll", "desired_access": "0x0000000f" }, "time": 1520333399.096644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000029c" }, "time": 1520333399.096644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.096644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\System32\\CoreUIComponents.dll", "filepath": "C:\\Windows\\System32\\CoreUIComponents.dll" }, "time": 1520333399.096644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\CoreUIComponents.dll", "desired_access": "0x00100021", "filepath_r": "\\??\\C:\\Windows\\System32\\CoreUIComponents.dll", "open_options": 96, "status_info": 1, "share_access": 5 }, "time": 1520333399.112644, "tid": 2044, "flags": { "desired_access": "FILE_READ_DATA|FILE_EXECUTE|FILE_LIST_DIRECTORY|FILE_TRAVERSE", "status_info": "FILE_OPENED", "open_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtCreateSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "object_handle": "0x00000000", "desired_access": "0x0000000f", "protection": 16, "section_name": "", "file_handle": "0x00000298" }, "time": 1520333399.112644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 8388608, "section_offset": 0, "view_size": 2310144, "base_address": "0x6e0d0000" }, "time": 1520333399.112644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e2a6000" }, "time": 1520333399.112644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.112644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.112644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e210000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "ntmarta.dll", "desired_access": "0x0000000f" }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "CoreMessaging.dll", "desired_access": "0x0000000f" }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "wintypes.dll", "desired_access": "0x0000000f" }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "wintypes.dll", "desired_access": "0x0000000f" }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "NtOpenSection", "return_value": 3221225524, "arguments": { "section_handle": "0x00000000", "section_name": "wintypes.dll", "desired_access": "0x0000000f" }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000029c" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 126976, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x0060f000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\System32\\CoreMessaging.dll", "filepath": "C:\\Windows\\System32\\CoreMessaging.dll" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\CoreMessaging.dll", "desired_access": "0x00100021", "filepath_r": "\\??\\C:\\Windows\\System32\\CoreMessaging.dll", "open_options": 96, "status_info": 1, "share_access": 5 }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "FILE_READ_DATA|FILE_EXECUTE|FILE_LIST_DIRECTORY|FILE_TRAVERSE", "status_info": "FILE_OPENED", "open_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtCreateSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "object_handle": "0x00000000", "desired_access": "0x0000000f", "protection": 16, "section_name": "", "file_handle": "0x00000298" }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 8388608, "section_offset": 0, "view_size": 573440, "base_address": "0x6e040000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e09c000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000029c" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\SYSTEM32\\ntmarta.dll", "filepath": "C:\\Windows\\System32\\ntmarta.dll" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\ntmarta.dll", "desired_access": "0x00100021", "filepath_r": "\\??\\C:\\Windows\\SYSTEM32\\ntmarta.dll", "open_options": 96, "status_info": 1, "share_access": 5 }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "FILE_READ_DATA|FILE_EXECUTE|FILE_LIST_DIRECTORY|FILE_TRAVERSE", "status_info": "FILE_OPENED", "open_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtCreateSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "object_handle": "0x00000000", "desired_access": "0x0000000f", "protection": 16, "section_name": "", "file_handle": "0x00000298" }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 8388608, "section_offset": 0, "view_size": 163840, "base_address": "0x6fbd0000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6fbf4000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6fbf2000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000029c" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\System32\\CoreMessaging.dll", "filepath": "C:\\Windows\\System32\\CoreMessaging.dll" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\SYSTEM32\\wintypes.dll", "filepath": "C:\\Windows\\System32\\WinTypes.dll" }, "time": 1520333399.127644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\WinTypes.dll", "desired_access": "0x00100021", "filepath_r": "\\??\\C:\\Windows\\SYSTEM32\\wintypes.dll", "open_options": 96, "status_info": 1, "share_access": 5 }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "FILE_READ_DATA|FILE_EXECUTE|FILE_LIST_DIRECTORY|FILE_TRAVERSE", "status_info": "FILE_OPENED", "open_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtCreateSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "object_handle": "0x00000000", "desired_access": "0x0000000f", "protection": 16, "section_name": "", "file_handle": "0x00000298" }, "time": 1520333399.127644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000029c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 4, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 8388608, "section_offset": 0, "view_size": 831488, "base_address": "0x6fca0000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "win32_protect": "PAGE_READWRITE", "allocation_type": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6fd54000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 12288, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x77299000" }, "time": 1520333399.127644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6fd52000" }, "time": 1520333399.143644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000029c" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\SYSTEM32\\wintypes.dll", "filepath": "C:\\Windows\\System32\\WinTypes.dll" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtQueryAttributesFile", "return_value": 0, "arguments": { "filepath_r": "\\??\\C:\\Windows\\SYSTEM32\\wintypes.dll", "filepath": "C:\\Windows\\System32\\WinTypes.dll" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e37e000" }, "time": 1520333399.143644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e09c000" }, "time": 1520333399.143644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6fbf2000" }, "time": 1520333399.143644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6fd52000" }, "time": 1520333399.143644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e210000" }, "time": 1520333399.143644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D8.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\ntmarta.dll", "desired_access": "0x00020000", "filepath_r": "\\??\\C:\\Windows\\SYSTEM32\\ntmarta.dll", "open_options": 0, "status_info": 1, "share_access": 5 }, "time": 1520333399.143644, "tid": 2044, "flags": { "desired_access": "", "status_info": "FILE_OPENED", "open_options": "", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D8.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\CoreMessaging.dll", "desired_access": "0x00020000", "filepath_r": "\\??\\C:\\Windows\\System32\\CoreMessaging.dll", "open_options": 0, "status_info": 1, "share_access": 5 }, "time": 1520333399.143644, "tid": 2044, "flags": { "desired_access": "", "status_info": "FILE_OPENED", "open_options": "", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D8.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\WinTypes.dll", "desired_access": "0x00020000", "filepath_r": "\\??\\C:\\Windows\\SYSTEM32\\wintypes.dll", "open_options": 0, "status_info": 1, "share_access": 5 }, "time": 1520333399.143644, "tid": 2044, "flags": { "desired_access": "", "status_info": "FILE_OPENED", "open_options": "", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D8.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\CoreUIComponents.dll", "desired_access": "0x00020000", "filepath_r": "\\??\\C:\\Windows\\System32\\CoreUIComponents.dll", "open_options": 0, "status_info": 1, "share_access": 5 }, "time": 1520333399.143644, "tid": 2044, "flags": { "desired_access": "", "status_info": "FILE_OPENED", "open_options": "", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "DDRAW.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D8.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 0, "stacktrace": [], "last_error": 298, "nt_status": -1073741753, "api": "LdrGetDllHandle", "return_value": 3221225781, "arguments": { "module_name": "D3D9.DLL", "stack_pivoted": 0, "module_address": "0x00000000" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenFile", "return_value": 0, "arguments": { "file_handle": "0x00000298", "filepath": "C:\\Windows\\System32\\TextInputFramework.dll", "desired_access": "0x00020000", "filepath_r": "\\??\\C:\\Windows\\System32\\TextInputFramework.dll", "open_options": 0, "status_info": 1, "share_access": 5 }, "time": 1520333399.143644, "tid": 2044, "flags": { "desired_access": "", "status_info": "FILE_OPENED", "open_options": "", "share_access": "FILE_SHARE_READ|FILE_SHARE_DELETE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000298" }, "time": 1520333399.143644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "api-ms-win-core-synch-l1-2-0.dll", "stack_pivoted": 0, "module_address": "0x74fa0000" }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x000002c8", "desired_access": "0x00000009", "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager" }, "time": 1520333399.158644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741753, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x000002c8", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies" }, "time": 1520333399.158644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002c8" }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 16384, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 8192, "base_address": "0x00b30000" }, "time": 1520333399.158644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_RESERVE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 4096, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00b30000" }, "time": 1520333399.158644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 4096, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00766000" }, "time": 1520333399.158644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "api-ms-win-core-synch-l1-2-0.dll", "stack_pivoted": 0, "module_address": "0x74fa0000" }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x76f34000" }, "time": 1520333399.158644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x76f34000" }, "time": 1520333399.158644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002d0" }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002d4" }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002d4" }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002d0" }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 122880, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00610000" }, "time": 1520333399.158644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKeyEx", "return_value": 0, "arguments": { "key_handle": "0x000002d0", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\", "options": 0 }, "time": 1520333399.158644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x000002d0", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext" }, "time": 1520333399.158644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002d0" }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "OLEAUT32", "module_address": "0x73e80000", "flags": 0, "module_name": "OLEAUT32.DLL", "stack_pivoted": 0 }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "GetSystemInfo", "return_value": 0, "arguments": { "processor_count": 1 }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 8388608, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 1, "process_handle": "0xffffffff", "allocation_type": 8192, "base_address": "0x05c30000" }, "time": 1520333399.158644, "tid": 2044, "flags": { "protection": "PAGE_NOACCESS", "allocation_type": "MEM_RESERVE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "GetSystemInfo", "return_value": 0, "arguments": { "processor_count": 1 }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtQuerySystemInformation", "return_value": 0, "arguments": { "information_class": 58 }, "time": 1520333399.158644, "tid": 2044, "flags": { "information_class": "SystemRecommendedSharedDataAlignment" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtDuplicateObject", "return_value": 0, "arguments": { "handle_attributes": 2, "source_process_identifier": 5676, "source_handle": "0xfffffffe", "target_process_identifier": 5676, "desired_access": "0x00000000", "target_process_handle": "0xffffffff", "target_handle": "0x000002d4", "source_process_handle": "0xffffffff", "options": 2 }, "time": 1520333399.158644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "rpcrt4", "module_address": "0x770b0000", "flags": 0, "module_name": "rpcrt4.dll", "stack_pivoted": 0 }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtQuerySystemInformation", "return_value": 0, "arguments": { "information_class": 0 }, "time": 1520333399.174644, "tid": 2044, "flags": { "information_class": "SystemBasicInformation" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKeyEx", "return_value": 0, "arguments": { "key_handle": "0x000002e4", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc", "options": 0 }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x000002e4", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002e4" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x000002e8", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtQueryValueKey", "return_value": 0, "arguments": { "key_handle": "0x000002e8", "key_name": "ComputerName", "value": "DESKTOP-LBC2HRA", "reg_type": 1, "information_class": 1, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_SZ", "information_class": "KeyValueFullInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002e8" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x000002e8", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\System\\Setup" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtQueryValueKey", "return_value": 0, "arguments": { "key_handle": "0x000002e8", "key_name": "OOBEInProgress", "value": 0, "reg_type": 4, "information_class": 1, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_DWORD", "information_class": "KeyValueFullInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002e8" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x000002e8", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\System\\Setup" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtQueryValueKey", "return_value": 0, "arguments": { "key_handle": "0x000002e8", "key_name": "SystemSetupInProgress", "value": 0, "reg_type": 4, "information_class": 1, "regkey": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_DWORD", "information_class": "KeyValueFullInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002e8" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 203, "nt_status": -1073741568, "api": "NtOpenKey", "return_value": 3221225524, "arguments": { "key_handle": "0x00000000", "desired_access": "0x00000009", "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Notepad.exe" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "file", "status": 1, "stacktrace": [], "api": "NtOpenDirectoryObject", "return_value": 0, "arguments": { "desired_access": "0x00020001", "dirpath_r": "\\RPC Control", "dirpath": "C:\\RPC Control", "directory_handle": "0x000002e8" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002e8" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002ec" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 1008, "nt_status": -1073741700, "api": "NtOpenKeyEx", "return_value": 3221225524, "arguments": { "key_handle": "0x00000000", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc", "options": 0 }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtQuerySystemInformation", "return_value": 0, "arguments": { "information_class": 182 }, "time": 1520333399.174644, "tid": 2044, "flags": { "information_class": "" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKeyEx", "return_value": 0, "arguments": { "key_handle": "0x000002f4", "desired_access": "0x00000001", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc", "options": 0 }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 1008, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x000002f4", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\IdleTimerWindow" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002f4" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtDuplicateObject", "return_value": 0, "arguments": { "handle_attributes": 0, "source_process_identifier": 5676, "source_handle": "0xfffffffe", "target_process_identifier": 5676, "desired_access": "0x00000000", "target_process_handle": "0xffffffff", "target_handle": "0x000002f8", "source_process_handle": "0xffffffff", "options": 2 }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 12288, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x00767000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll", "stack_pivoted": 0, "module_address": "0x76c40000" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0", "module_address": "0x76c40000", "flags": 0, "module_name": "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll", "stack_pivoted": 0 }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "ext-ms-win-rtcore-ntuser-integration-l1-1-0", "module_address": "0x76c40000", "flags": 0, "module_name": "ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll", "stack_pivoted": 0 }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 20480, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x0076a000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtDuplicateObject", "return_value": 0, "arguments": { "handle_attributes": 0, "source_process_identifier": 5676, "source_handle": "0xfffffffe", "target_process_identifier": 5676, "desired_access": "0x00000000", "target_process_handle": "0xffffffff", "target_handle": "0x00000330", "source_process_handle": "0xffffffff", "options": 2 }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtDuplicateObject", "return_value": 0, "arguments": { "handle_attributes": 2, "source_process_identifier": 5676, "source_handle": "0xfffffffe", "target_process_identifier": 5676, "desired_access": "0x00000000", "target_process_handle": "0xffffffff", "target_handle": "0x00000338", "source_process_handle": "0xffffffff", "options": 2 }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x0000033c", "desired_access": "0x00020119", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x0000033c", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000033c" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "api-ms-win-core-com-l1-1-0", "module_address": "0x76550000", "flags": 0, "module_name": "api-ms-win-core-com-l1-1-0.dll", "stack_pivoted": 0 }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "UuidCreate", "return_value": 0, "arguments": { "uuid": "{5d6e4496-a6f4-4656-9a77-56dc22571817}" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x00000344", "desired_access": "0x00020119", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x00000344", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000344" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtAllocateVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "region_size": 4096, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "protection": 4, "process_handle": "0xffffffff", "allocation_type": 4096, "base_address": "0x05c30000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE", "allocation_type": "MEM_COMMIT" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.174644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x0000034c", "desired_access": "0x00020119", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x0000034c", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000034c" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x0000034c", "desired_access": "0x00020119", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM" }, "time": 1520333399.174644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x0000034c", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm" }, "time": 1520333399.174644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000034c" }, "time": 1520333399.174644, "tid": 2044, "flags": {} }, { "category": "synchronisation", "status": 1, "stacktrace": [], "api": "GetSystemTimeAsFileTime", "return_value": 0, "arguments": {}, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKeyEx", "return_value": 0, "arguments": { "key_handle": "0x0000034c", "desired_access": "0x00020019", "regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Input", "options": 0 }, "time": 1520333399.190644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x0000034c", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime" }, "time": 1520333399.190644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": -1073741772, "api": "NtQueryValueKey", "return_value": 3221225524, "arguments": { "key_handle": "0x0000034c", "key_name": "", "value": "", "reg_type": 0, "information_class": 2, "regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts" }, "time": 1520333399.190644, "tid": 2044, "flags": { "reg_type": "REG_NONE", "information_class": "KeyValuePartialInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000034c" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e380000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e380000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x0000034c", "section_name": "AsyncKeyStateTrackerSharedMemory", "desired_access": "0x00000004" }, "time": 1520333399.190644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000034c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 2, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 0, "section_offset": 0, "view_size": 4096, "base_address": "0x00b40000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "win32_protect": "PAGE_READONLY", "allocation_type": "" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000034c" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e380000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e380000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x76f34000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x76f34000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtOpenSection", "return_value": 0, "arguments": { "section_handle": "0x0000034c", "section_name": "AsyncKeyStateTrackerSharedMemory", "desired_access": "0x00000004" }, "time": 1520333399.190644, "tid": 2044, "flags": { "desired_access": "" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtMapViewOfSection", "return_value": 0, "arguments": { "section_handle": "0x0000034c", "process_identifier": 5676, "commit_size": 0, "win32_protect": 2, "buffer": "", "process_handle": "0xffffffff", "allocation_type": 0, "section_offset": 0, "view_size": 4096, "base_address": "0x00b40000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "win32_protect": "PAGE_READONLY", "allocation_type": "" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000034c" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrGetDllHandle", "return_value": 0, "arguments": { "module_name": "USER32", "stack_pivoted": 0, "module_address": "0x76c40000" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "LdrLoadDll", "return_value": 0, "arguments": { "basename": "MSCTF", "module_address": "0x76e40000", "flags": 0, "module_name": "C:\\Windows\\System32\\MSCTF.dll", "stack_pivoted": 0 }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKey", "return_value": 0, "arguments": { "key_handle": "0x0000034c", "desired_access": "0x00020019", "regkey": "HKEY_CURRENT_USER" }, "time": 1520333399.190644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "registry", "status": 1, "stacktrace": [], "api": "NtOpenKeyEx", "return_value": 0, "arguments": { "key_handle": "0x00000350", "desired_access": "0x00020019", "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys", "options": 0 }, "time": 1520333399.190644, "tid": 2044, "flags": { "desired_access": "READ_CONTROL" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x0000034c" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "registry", "status": 0, "stacktrace": [], "last_error": 0, "nt_status": 0, "api": "NtEnumerateKey", "return_value": 2147483674, "arguments": { "index": 0, "key_handle": "0x00000350", "buffer": "", "information_class": 0, "regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys" }, "time": 1520333399.190644, "tid": 2044, "flags": { "information_class": "KeyBasicInformation" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x00000350" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&File" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&Edit" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "F&ormat" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&View" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&Help" }, "time": 1520333399.190644, "tid": 2044, "flags": {} }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 6 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_CYBORDER" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 5 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_CXBORDER" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.190644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.205644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.205644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 4, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.205644, "tid": 2044, "flags": { "protection": "PAGE_READWRITE" } }, { "category": "process", "status": 1, "stacktrace": [], "api": "NtProtectVirtualMemory", "return_value": 0, "arguments": { "process_identifier": 5676, "stack_dep_bypass": 0, "stack_pivoted": 0, "heap_dep_bypass": 0, "length": 4096, "protection": 2, "process_handle": "0xffffffff", "base_address": "0x6e0b9000" }, "time": 1520333399.205644, "tid": 2044, "flags": { "protection": "PAGE_READONLY" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.221644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.674644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.674644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.674644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.674644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.674644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.674644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.674644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&File" }, "time": 1520333399.705644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&Edit" }, "time": 1520333399.705644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "F&ormat" }, "time": 1520333399.705644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&View" }, "time": 1520333399.705644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&Help" }, "time": 1520333399.705644, "tid": 2044, "flags": {} }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 1, "arguments": { "index": 82 }, "time": 1520333399.705644, "tid": 2044, "flags": { "index": "SM_IMMENABLED" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333399.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333399.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&View" }, "time": 1520333402.002644, "tid": 2044, "flags": {} }, { "category": "ui", "status": 1, "stacktrace": [], "api": "DrawTextExW", "return_value": 15, "arguments": { "string": "&View" }, "time": 1520333403.002644, "tid": 2044, "flags": {} }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333406.362644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333406.362644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333406.362644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333406.362644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333406.362644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333406.362644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333406.362644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333407.377644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333407.377644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333407.377644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333407.377644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333407.377644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333407.377644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333407.377644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333407.471644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333407.471644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333407.471644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333407.471644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333407.471644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333407.471644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333407.471644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333408.487644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333408.487644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333408.487644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333408.487644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333408.487644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333408.487644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333408.487644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333409.643644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333409.643644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333409.643644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333409.643644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333409.643644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333409.643644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333409.643644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333410.658644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333410.658644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333410.658644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333410.658644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333410.658644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333410.658644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333410.658644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333410.737644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333410.737644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333410.737644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333410.737644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333410.737644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333410.737644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333410.737644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333411.752644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333411.752644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333411.752644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333411.752644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333411.752644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333411.752644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333411.752644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333412.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333412.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333412.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333412.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333412.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333412.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333412.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333413.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333413.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333413.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333413.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333413.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333413.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333413.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333414.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333414.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333414.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333414.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333414.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333414.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333414.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333415.033644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333415.033644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333415.033644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333415.033644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333415.033644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333415.033644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333415.033644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333420.502644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333420.502644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333420.502644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333420.502644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333420.502644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333420.502644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333420.502644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333421.518644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333421.518644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333421.518644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333421.518644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333421.518644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333421.518644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333421.518644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333421.596644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333421.596644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333421.596644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333421.596644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333421.596644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333421.596644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333421.596644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333422.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333422.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333422.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333422.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333422.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333422.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333422.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333427.065644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333427.065644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333427.065644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333427.065644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333427.065644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333427.065644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333427.065644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333428.080644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333428.080644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333428.080644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333428.080644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333428.080644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333428.080644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333428.080644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333428.127644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333428.127644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333428.127644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333428.127644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333428.127644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333428.127644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333428.127644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333429.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333429.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333429.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333429.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333429.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333429.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333429.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtDuplicateObject", "return_value": 0, "arguments": { "handle_attributes": 0, "source_process_identifier": 5676, "source_handle": "0xfffffffe", "target_process_identifier": 5676, "desired_access": "0x00000000", "target_process_handle": "0xffffffff", "target_handle": "0x00000354", "source_process_handle": "0xffffffff", "options": 2 }, "time": 1520333429.174644, "tid": 6020, "flags": {} }, { "category": "system", "status": 1, "stacktrace": [], "api": "NtClose", "return_value": 0, "arguments": { "handle": "0x000002fc" }, "time": 1520333429.174644, "tid": 6020, "flags": {} }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333432.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333432.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333432.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333432.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333432.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333432.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333432.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333433.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333433.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333433.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333433.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333433.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333433.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333433.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333434.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333434.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333434.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333434.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333434.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333434.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333434.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333435.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333435.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333435.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333435.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333435.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333435.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333435.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333435.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333435.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333435.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333435.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333435.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333435.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333435.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333436.799644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333436.799644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333436.799644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333436.799644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333436.799644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333436.799644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333436.799644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333436.846644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333436.846644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333436.846644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333436.846644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333436.846644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333436.846644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333436.846644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333437.862644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333437.862644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333437.862644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333437.862644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333437.862644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333437.862644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333437.862644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333441.205644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333441.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333441.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333441.205644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333441.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333441.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333441.205644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333442.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333442.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333442.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333442.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333442.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333442.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333442.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333444.440644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333444.440644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333444.440644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333444.440644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333444.440644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333444.440644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333444.440644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333445.455644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333445.455644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333445.455644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333445.455644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333445.455644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333445.455644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333445.455644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333445.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333445.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333445.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333445.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333445.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333445.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333445.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333446.549644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333446.549644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333446.549644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333446.549644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333446.549644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333446.549644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333446.549644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333447.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333447.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333447.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333447.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333447.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333447.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333447.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333448.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333448.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333448.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333448.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333448.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333448.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333448.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333448.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333448.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333448.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333448.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333448.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333448.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333448.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333449.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333449.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333449.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333449.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333449.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333449.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333449.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333450.940644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333450.940644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333450.940644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333450.940644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333450.940644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333450.940644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333450.940644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333451.971644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333451.971644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333451.971644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333451.971644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333451.971644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333451.971644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333451.971644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333459.721644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333459.721644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333459.721644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333459.721644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333459.721644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333459.721644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333459.721644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333460.721644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333460.721644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333460.721644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333460.721644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333460.721644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333460.721644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333460.721644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333461.877644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333461.877644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333461.877644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333461.877644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333461.877644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333461.877644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333461.877644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333462.893644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333462.893644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333462.893644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333462.893644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333462.893644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333462.893644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333462.893644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333466.283644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333466.283644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333466.283644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333466.283644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333466.283644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333466.283644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333466.283644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333467.299644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333467.299644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333467.299644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333467.299644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333467.299644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333467.299644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333467.299644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333471.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333471.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333471.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333471.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333471.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333471.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333471.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333472.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333472.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333472.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333472.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333472.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333472.705644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333472.705644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333472.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333472.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333472.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333472.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333472.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333472.768644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333472.768644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333473.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333473.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333473.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333473.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333473.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333473.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333473.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333473.846644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333473.846644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333473.846644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333473.846644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333473.846644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333473.846644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333473.846644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333474.862644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333474.862644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333474.862644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333474.862644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333474.862644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333474.862644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333474.862644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333474.940644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333474.940644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333474.940644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333474.940644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333474.940644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333474.940644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333474.940644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333475.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333475.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333475.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333475.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333475.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333475.955644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333475.955644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333477.112644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333477.112644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333477.112644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333477.112644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333477.112644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333477.112644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333477.112644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333478.127644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333478.127644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333478.127644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333478.127644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333478.127644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333478.127644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333478.127644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333478.205644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333478.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333478.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333478.205644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333478.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333478.205644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333478.205644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333479.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333479.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333479.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333479.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333479.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333479.221644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333479.221644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333481.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333481.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333481.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333481.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333481.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333481.533644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333481.533644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333482.549644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333482.549644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333482.549644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333482.549644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333482.549644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333482.549644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333482.549644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333482.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333482.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333482.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333482.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333482.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333482.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333482.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333483.643644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333483.643644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333483.643644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333483.643644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333483.643644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333483.643644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333483.643644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333488.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333488.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333488.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333488.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333488.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333488.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333488.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333489.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333489.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333489.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333489.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333489.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333489.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333489.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333490.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333490.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333490.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333490.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333490.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333490.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333490.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333491.190644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333491.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333491.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333491.190644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333491.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333491.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333491.190644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333491.268644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333491.268644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333491.268644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333491.268644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333491.268644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333491.268644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333491.268644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333492.268644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333492.268644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333492.268644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333492.268644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333492.268644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333492.268644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333492.268644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333492.330644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333492.330644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333492.330644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333492.330644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333492.330644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333492.330644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333492.330644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333493.346644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333493.346644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333493.346644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333493.346644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333493.346644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333493.346644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333493.346644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333493.408644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333493.408644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333493.408644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333493.408644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333493.408644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333493.408644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333493.408644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333494.424644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333494.424644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333494.424644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333494.424644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333494.424644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333494.424644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333494.424644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333495.596644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333495.596644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333495.596644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333495.596644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333495.596644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333495.596644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333495.596644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333496.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333496.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333496.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333496.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333496.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333496.612644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333496.612644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333497.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333497.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333497.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333497.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333497.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333497.783644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333497.783644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333498.799644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333498.799644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333498.799644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333498.799644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333498.799644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333498.799644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333498.799644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333501.002644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333501.002644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333501.002644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333501.002644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333501.002644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333501.002644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333501.002644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333502.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333502.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333502.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333502.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333502.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333502.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333502.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333502.096644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333502.096644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333502.096644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333502.096644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333502.096644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333502.096644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333502.096644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333503.096644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333503.096644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333503.096644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333503.096644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333503.096644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333503.096644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333503.096644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333503.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333503.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333503.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333503.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333503.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333503.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333503.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333504.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333504.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333504.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333504.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333504.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333504.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333504.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333509.674644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333509.674644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333509.674644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333509.674644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333509.674644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333509.674644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333509.674644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333510.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333510.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333510.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333510.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333510.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333510.690644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333510.690644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333514.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333514.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333514.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333514.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333514.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333514.018644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333514.018644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333515.033644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333515.033644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333515.033644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333515.033644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333515.033644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333515.033644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333515.033644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333516.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333516.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333516.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333516.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333516.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333516.174644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333516.174644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333517.190644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333517.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333517.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333517.190644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333517.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333517.190644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333517.190644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333519.455644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333519.455644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333519.455644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333519.455644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333519.455644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 45 }, "time": 1520333519.455644, "tid": 2044, "flags": { "index": "SM_CXEDGE" } }, { "category": "misc", "status": 1, "stacktrace": [], "api": "GetSystemMetrics", "return_value": 2, "arguments": { "index": 46 }, "time": 1520333519.455644, "tid": 2044, "flags": { "index": "SM_CYEDGE" } } ], "track": true, "pid": 5676, "process_name": "Notepad.exe", "command_line": "\"C:\\Users\\User\\AppData\\Local\\Temp\\Notepad.exe\" ", "modules": [ { "basename": "Notepad.exe", "imgsize": 77824, "baseaddr": "0x1000000", "filepath": "C:\\Users\\User\\AppData\\Local\\Temp\\Notepad.exe" }, { "basename": "ntdll.dll", "imgsize": 1626112, "baseaddr": "0x77180000", "filepath": "C:\\Windows\\SYSTEM32\\ntdll.dll" }, { "basename": "KERNEL32.DLL", "imgsize": 851968, "baseaddr": "0x76b20000", "filepath": "C:\\Windows\\System32\\KERNEL32.DLL" }, { "basename": "KERNELBASE.dll", "imgsize": 1929216, "baseaddr": "0x74fa0000", "filepath": "C:\\Windows\\System32\\KERNELBASE.dll" }, { "basename": "apphelp.dll", "imgsize": 630784, "baseaddr": "0x6ef70000", "filepath": "C:\\Windows\\SYSTEM32\\apphelp.dll" }, { "basename": "comdlg32.dll", "imgsize": 868352, "baseaddr": "0x73fa0000", "filepath": "C:\\Windows\\System32\\comdlg32.dll" }, { "basename": "msvcrt.dll", "imgsize": 774144, "baseaddr": "0x767a0000", "filepath": "C:\\Windows\\System32\\msvcrt.dll" }, { "basename": "combase.dll", "imgsize": 2383872, "baseaddr": "0x76550000", "filepath": "C:\\Windows\\System32\\combase.dll" }, { "basename": "ucrtbase.dll", "imgsize": 1142784, "baseaddr": "0x74cd0000", "filepath": "C:\\Windows\\System32\\ucrtbase.dll" }, { "basename": "RPCRT4.dll", "imgsize": 778240, "baseaddr": "0x770b0000", "filepath": "C:\\Windows\\System32\\RPCRT4.dll" }, { "basename": "SspiCli.dll", "imgsize": 131072, "baseaddr": "0x73ba0000", "filepath": "C:\\Windows\\System32\\SspiCli.dll" }, { "basename": "CRYPTBASE.dll", "imgsize": 40960, "baseaddr": "0x73b90000", "filepath": "C:\\Windows\\System32\\CRYPTBASE.dll" }, { "basename": "bcryptPrimitives.dll", "imgsize": 356352, "baseaddr": "0x76fa0000", "filepath": "C:\\Windows\\System32\\bcryptPrimitives.dll" }, { "basename": "sechost.dll", "imgsize": 274432, "baseaddr": "0x76bf0000", "filepath": "C:\\Windows\\System32\\sechost.dll" }, { "basename": "shcore.dll", "imgsize": 557056, "baseaddr": "0x73df0000", "filepath": "C:\\Windows\\System32\\shcore.dll" }, { "basename": "USER32.dll", "imgsize": 1527808, "baseaddr": "0x76c40000", "filepath": "C:\\Windows\\System32\\USER32.dll" }, { "basename": "win32u.dll", "imgsize": 90112, "baseaddr": "0x764e0000", "filepath": "C:\\Windows\\System32\\win32u.dll" }, { "basename": "GDI32.dll", "imgsize": 139264, "baseaddr": "0x73f20000", "filepath": "C:\\Windows\\System32\\GDI32.dll" }, { "basename": "gdi32full.dll", "imgsize": 1433600, "baseaddr": "0x74b70000", "filepath": "C:\\Windows\\System32\\gdi32full.dll" }, { "basename": "msvcp_win.dll", "imgsize": 507904, "baseaddr": "0x76dc0000", "filepath": "C:\\Windows\\System32\\msvcp_win.dll" }, { "basename": "SHLWAPI.dll", "imgsize": 282624, "baseaddr": "0x74b20000", "filepath": "C:\\Windows\\System32\\SHLWAPI.dll" }, { "basename": "SHELL32.dll", "imgsize": 20131840, "baseaddr": "0x75180000", "filepath": "C:\\Windows\\System32\\SHELL32.dll" }, { "basename": "cfgmgr32.dll", "imgsize": 229376, "baseaddr": "0x76500000", "filepath": "C:\\Windows\\System32\\cfgmgr32.dll" }, { "basename": "windows.storage.dll", "imgsize": 6053888, "baseaddr": "0x74080000", "filepath": "C:\\Windows\\System32\\windows.storage.dll" }, { "basename": "advapi32.dll", "imgsize": 491520, "baseaddr": "0x769a0000", "filepath": "C:\\Windows\\System32\\advapi32.dll" }, { "basename": "kernel.appcore.dll", "imgsize": 57344, "baseaddr": "0x76f90000", "filepath": "C:\\Windows\\System32\\kernel.appcore.dll" }, { "basename": "powrprof.dll", "imgsize": 282624, "baseaddr": "0x76860000", "filepath": "C:\\Windows\\System32\\powrprof.dll" }, { "basename": "profapi.dll", "imgsize": 81920, "baseaddr": "0x764c0000", "filepath": "C:\\Windows\\System32\\profapi.dll" }, { "basename": "COMCTL32.dll", "imgsize": 2166784, "baseaddr": "0x72180000", "filepath": "C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.15_none_1440321736920223\\COMCTL32.dll" }, { "basename": "WINSPOOL.DRV", "imgsize": 442368, "baseaddr": "0x6e390000", "filepath": "C:\\Windows\\SYSTEM32\\WINSPOOL.DRV" }, { "basename": "IPHLPAPI.DLL", "imgsize": 196608, "baseaddr": "0x735a0000", "filepath": "C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" }, { "basename": "bcrypt.dll", "imgsize": 102400, "baseaddr": "0x73500000", "filepath": "C:\\Windows\\SYSTEM32\\bcrypt.dll" }, { "basename": "IMM32.DLL", "imgsize": 151552, "baseaddr": "0x77080000", "filepath": "C:\\Windows\\System32\\IMM32.DLL" }, { "basename": "monitor-x86.dll", "imgsize": 2121728, "baseaddr": "0x63bc0000", "filepath": "C:\\tmpu_oyml\\bin\\monitor-x86.dll" } ], "time": 0, "tid": 2044, "first_seen": 1520333398.908644, "ppid": 5568, "type": "process" } ], "processtree": [ { "track": true, "pid": 5676, "process_name": "Notepad.exe", "command_line": "\"C:\\Users\\User\\AppData\\Local\\Temp\\Notepad.exe\" ", "first_seen": 1520333398.908644, "ppid": 5568, "children": [] } ], "summary": { "file_opened": [ "C:\\Windows\\System32\\oleaut32.dll", "C:\\Windows\\System32\\dwmapi.dll", "C:\\Windows\\Globalization\\Sorting\\sortdefault.nls", "C:\\Windows\\System32\\TextInputFramework.dll", "C:\\Windows\\System32\\msctf.dll", "C:\\Windows\\System32\\CoreUIComponents.dll", "C:\\Windows\\System32\\WinTypes.dll", "C:\\Windows\\System32\\CoreMessaging.dll", "C:\\Windows\\System32\\ntmarta.dll", "C:\\Windows\\System32\\uxtheme.dll" ], "mutex": [ "Local\\SM0:5676:168:WilStaging_02", "Local\\SM0:5676:64:WilError_01" ], "regkey_read": [ "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\EnableAnchorContext", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginLeft", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfFaceName", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM\\DeviceForm", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfItalic", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfOutPrecision", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\StatusBar", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\IdleTimerWindow", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager\\ResourcePolicies", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en-US", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\MaxResyncAttempts", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfOrientation", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input\\ResyncResetTime", "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfUnderline", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfClipPrecision", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfWeight", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfStrikeOut", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids\\en", "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfCharSet", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfPitchAndFamily", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosDY", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iPointSize", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fWrap", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginTop", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\szHeader", "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginRight", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfQuality", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosDX", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\szTrailer", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\lfEscapement", "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions\\000602xx", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fSaveWindowPositions", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosX", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iWindowPosY", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\iMarginBottom", "HKEY_CURRENT_USER\\Software\\Microsoft\\Notepad\\fMLE_is_broken" ], "dll_loaded": [ "ext-ms-win-rtcore-ntuser-integration-l1-1-0.dll", "rpcrt4.dll", "api-ms-win-core-com-l1-1-0.dll", "C:\\Windows\\System32\\MSCTF.dll", "kernel32.dll", "OLEAUT32.DLL", "ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll", "comctl32", "comctl32.dll" ], "file_failed": [ "C:\\Windows\\System32\\uxtheme.dll.Config" ] } }, "debug": { "action": [ "gatherer" ], "dbgview": [], "errors": [], "log": [ "2018-03-06 10:49:57,783 [analyzer] DEBUG: Starting analyzer from: C:\\tmpu_oyml\n", "2018-03-06 10:49:57,783 [analyzer] DEBUG: Pipe server name: \\??\\PIPE\\UjpeGodudxuTswYEADaGpwBmeyJkRT\n", "2018-03-06 10:49:57,783 [analyzer] DEBUG: Log pipe server name: \\??\\PIPE\\HnoZfnPkdJfbXrJsXAyTzYE\n", "2018-03-06 10:49:57,783 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.\n", "2018-03-06 10:49:57,783 [analyzer] INFO: Automatically selected analysis package \"exe\"\n", "2018-03-06 10:49:58,063 [analyzer] DEBUG: Started auxiliary module DbgView\n", "2018-03-06 10:49:58,361 [analyzer] DEBUG: Started auxiliary module Disguise\n", "2018-03-06 10:49:58,532 [modules.auxiliary.dumptls] WARNING: You're not running the Cuckoo Agent as Administrator. Doing so will improve your analysis results!\n", "2018-03-06 10:49:58,532 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets\n", "2018-03-06 10:49:58,532 [analyzer] DEBUG: Started auxiliary module Human\n", "2018-03-06 10:49:58,532 [analyzer] DEBUG: Started auxiliary module InstallCertificate\n", "2018-03-06 10:49:58,532 [analyzer] DEBUG: Started auxiliary module Reboot\n", "2018-03-06 10:49:58,595 [analyzer] DEBUG: Started auxiliary module RecentFiles\n", "2018-03-06 10:49:58,614 [analyzer] DEBUG: Started auxiliary module Screenshots\n", "2018-03-06 10:49:58,614 [modules.auxiliary.screenshots] INFO: Python Image Library (either PIL or Pillow) is not installed, screenshots are disabled.\n", "2018-03-06 10:49:58,614 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n\n", "2018-03-06 10:49:58,831 [lib.api.process] INFO: Successfully executed process from path u'C:\\\\Users\\\\User\\\\AppData\\\\Local\\\\Temp\\\\Notepad.exe' with arguments '' and pid 5676\n", "2018-03-06 10:49:58,986 [analyzer] DEBUG: Loaded monitor into process with pid 5676\n", "2018-03-06 10:49:59,002 [analyzer] DEBUG: Received request to inject pid=5676, but we are already injected there.\n", "2018-03-06 10:51:03,957 [modules.auxiliary.human] INFO: Closed Office window.\n", "2018-03-06 10:51:59,599 [analyzer] INFO: Analysis timeout hit, terminating analysis.\n", "2018-03-06 10:51:59,599 [analyzer] INFO: Analysis completed.\n" ], "cuckoo": [ "2018-04-18 13:48:45,326 [cuckoo.core.scheduler] INFO: Task #5: acquired machine cuckoo1 (label=cuckoo1)\n", "2018-04-18 13:48:45,333 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3926 (interface=vboxnet0, host=192.168.56.101)\n", "2018-04-18 13:48:45,333 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer\n", "2018-04-18 13:48:45,383 [cuckoo.machinery.virtualbox] DEBUG: Starting vm cuckoo1\n", "2018-04-18 13:48:47,258 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo1 to its current snapshot\n", "2018-04-18 13:48:53,012 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101)\n", "2018-04-18 13:48:54,015 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet\n", "2018-04-18 13:48:55,019 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet\n", "2018-04-18 13:48:56,025 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet\n", "2018-04-18 13:48:57,028 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet\n", "2018-04-18 13:48:57,036 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.8 (id=cuckoo1, ip=192.168.56.101)\n", "2018-04-18 13:48:57,056 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=cuckoo1, ip=192.168.56.101, monitor=latest, size=3840773)\n", "2018-04-18 13:48:58,888 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:48:59,240 [cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.\n", "2018-04-18 13:48:59,903 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:00,376 [cuckoo.core.resultserver] DEBUG: New process (pid=5676, ppid=5568, name=Notepad.exe)\n", "2018-04-18 13:49:00,910 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:01,920 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:02,934 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:03,945 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:04,958 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:05,972 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:06,984 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:07,995 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:09,005 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:10,017 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:11,030 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:12,042 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:13,057 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:14,073 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:15,087 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:16,102 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:17,120 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:18,132 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:19,145 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:20,161 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:21,184 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:22,189 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:23,203 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:24,217 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:25,232 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:26,239 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:27,257 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:28,270 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:29,277 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:30,293 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:31,300 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:32,305 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:33,311 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:34,318 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:35,330 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:36,336 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:37,353 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:38,364 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:39,371 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:40,376 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:41,384 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:42,392 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:43,399 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:44,410 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:45,424 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:46,441 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:47,447 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:48,459 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:49,466 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:50,476 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:51,482 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:52,488 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:53,501 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:54,513 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:55,524 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:56,537 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:57,548 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:58,561 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:49:59,567 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:00,578 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:01,587 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:02,598 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:03,614 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:04,624 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:05,632 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:06,642 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:07,658 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:08,664 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:09,674 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:10,688 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:11,698 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:12,706 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:13,716 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:14,727 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:15,737 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:16,750 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:17,763 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:18,777 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:19,789 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:20,802 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:21,814 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:22,828 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:23,844 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:24,858 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:25,872 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:26,883 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:27,891 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:28,902 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:29,914 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:30,929 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:31,939 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:32,958 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:33,973 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:34,985 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:35,996 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:37,008 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:38,016 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:39,030 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:40,039 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:41,053 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:42,065 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:43,078 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:44,088 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:45,100 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:46,112 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:47,122 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:48,139 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:49,150 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:50,159 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:51,173 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:52,180 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:53,194 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:54,205 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:55,212 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:56,221 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:57,235 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:58,243 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:50:59,257 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:51:00,272 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing\n", "2018-04-18 13:51:01,278 [cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully\n", "2018-04-18 13:51:01,338 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer\n", "2018-04-18 13:51:01,339 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo1\n", "2018-04-18 13:51:03,939 [cuckoo.core.scheduler] DEBUG: Released database task #5\n", "2018-04-18 13:51:03,980 [cuckoo.core.plugins] DEBUG: Executed processing module \"AnalysisInfo\" for task #5\n", "2018-04-18 13:51:04,005 [cuckoo.core.plugins] DEBUG: Executed processing module \"BehaviorAnalysis\" for task #5\n", "2018-04-18 13:51:04,005 [cuckoo.core.plugins] DEBUG: Executed processing module \"Dropped\" for task #5\n", "2018-04-18 13:51:04,006 [cuckoo.core.plugins] DEBUG: Executed processing module \"DroppedBuffer\" for task #5\n", "2018-04-18 13:51:04,007 [cuckoo.core.plugins] DEBUG: Executed processing module \"MetaInfo\" for task #5\n", "2018-04-18 13:51:04,007 [cuckoo.core.plugins] DEBUG: Executed processing module \"ProcessMemory\" for task #5\n", "2018-04-18 13:51:04,007 [cuckoo.core.plugins] DEBUG: Executed processing module \"Procmon\" for task #5\n", "2018-04-18 13:51:04,007 [cuckoo.core.plugins] DEBUG: Executed processing module \"Screenshots\" for task #5\n", "2018-04-18 13:51:04,281 [cuckoo.core.plugins] DEBUG: Executed processing module \"Static\" for task #5\n", "2018-04-18 13:51:04,285 [cuckoo.core.plugins] DEBUG: Executed processing module \"Strings\" for task #5\n", "2018-04-18 13:51:04,287 [cuckoo.core.plugins] DEBUG: Executed processing module \"TargetInfo\" for task #5\n", "2018-04-18 13:51:04,862 [cuckoo.core.plugins] DEBUG: Executed processing module \"NetworkAnalysis\" for task #5\n", "2018-04-18 13:51:04,862 [cuckoo.core.plugins] DEBUG: Executed processing module \"Extracted\" for task #5\n", "2018-04-18 13:51:04,863 [cuckoo.core.plugins] DEBUG: Executed processing module \"TLSMasterSecrets\" for task #5\n", "2018-04-18 13:51:04,866 [cuckoo.core.plugins] DEBUG: Executed processing module \"Debug\" for task #5\n", "2018-04-18 13:51:04,867 [cuckoo.core.plugins] DEBUG: Running 473 signatures\n", "2018-04-18 13:51:05,110 [cuckoo.core.plugins] DEBUG: Analysis matched signature: dead_host\n" ] }, "strings": [ "!This program cannot be run in DOS mode.", "`.data", "comdlg32.dll", "SHELL32.dll", "WINSPOOL.DRV", "COMCTL32.dll", "msvcrt.dll", "ADVAPI32.dll", "KERNEL32.dll", "NTDLL.DLL", "GDI32.dll", "USER32.dll", "@wARAw", "RegisterPenApp", "notepad.chm", "hhctrl.ocx", "CLSID\\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\\InprocServer32", "notepad.pdb", "QQSUVW", "_^][YY", "ExHt#Ht", "u/SSVQ", "taHt\u001fH", "AABFF3", "t,Wh0A", "AA@@Nu", "t'VSSj", "HtjHtPHt", "\\$8UVW", "D$,+D$$P", "D$,+D$$P", "_@]^[YY", "MLf950", "9]\\tY9", "GetFileTitleW", "CommDlgExtendedError", "GetSaveFileNameW", "ChooseFontW", "FindTextW", "ReplaceTextW", "PageSetupDlgW", "GetOpenFileNameW", "PrintDlgExW", "comdlg32.dll", "ShellAboutW", "DragFinish", "DragQueryFileW", "DragAcceptFiles", "SHELL32.dll", "ClosePrinter", "GetPrinterDriverW", "OpenPrinterW", "WINSPOOL.DRV", "CreateStatusWindowW", "COMCTL32.dll", "_snwprintf", "wcsncmp", "iswctype", "wcsncpy", "localtime", "_c_exit", "_XcptFilter", "_cexit", "_acmdln", "__getmainargs", "_initterm", "__setusermatherr", "_adjust_fdiv", "__p__commode", "__p__fmode", "__set_app_type", "msvcrt.dll", "_except_handler3", "_controlfp", "RegSetValueExW", "RegQueryValueExW", "RegCloseKey", "RegCreateKeyW", "IsTextUnicode", "RegQueryValueExA", "RegOpenKeyExA", "ADVAPI32.dll", "GlobalFree", "GetLocaleInfoW", "lstrcatW", "FindClose", "FindFirstFileW", "GetFileAttributesW", "lstrcpyW", "lstrcmpW", "LocalFree", "LocalAlloc", "lstrlenW", "LocalUnlock", "CompareStringW", "LocalLock", "FoldStringW", "CloseHandle", "ReadFile", "CreateFileW", "lstrcmpiW", "GetCurrentProcessId", "GetProcAddress", "GetCommandLineW", "MulDiv", "lstrcpynW", "LocalSize", "GetLastError", "WriteFile", "SetLastError", "WideCharToMultiByte", "LocalReAlloc", "FormatMessageW", "GetUserDefaultLangID", "SetEndOfFile", "DeleteFileW", "GetACP", "UnmapViewOfFile", "MultiByteToWideChar", "MapViewOfFile", "CreateFileMappingW", "GetFileInformationByHandle", "GlobalUnlock", "GlobalLock", "GetTimeFormatW", "GetDateFormatW", "GetUserDefaultLCID", "GetLocalTime", "LoadLibraryA", "GetModuleHandleA", "GetStartupInfoA", "KERNEL32.dll", "DeleteObject", "CreateFontIndirectW", "GetDeviceCaps", "GetObjectW", "GetStockObject", "EnumFontsW", "GetTextFaceW", "SelectObject", "CreateDCW", "GetTextExtentPoint32W", "TextOutW", "DeleteDC", "EndDoc", "AbortDoc", "EndPage", "StartPage", "StartDocW", "SetAbortProc", "GetTextMetricsW", "SetBkMode", "LPtoDP", "SetWindowExtEx", "SetViewportExtEx", "SetMapMode", "GDI32.dll", "MoveWindow", "InvalidateRect", "WinHelpW", "GetDlgCtrlID", "ChildWindowFromPoint", "ScreenToClient", "GetCursorPos", "SendDlgItemMessageW", "SendMessageW", "CharNextW", "SetWindowTextW", "CheckMenuItem", "CloseClipboard", "IsClipboardFormatAvailable", "OpenClipboard", "GetMenuState", "EnableMenuItem", "GetSubMenu", "GetMenu", "MessageBoxW", "SetFocus", "SetDlgItemTextW", "wsprintfW", "GetDlgItemTextW", "EndDialog", "GetParent", "UnhookWinEvent", "DispatchMessageW", "TranslateMessage", "TranslateAcceleratorW", "IsDialogMessageW", "PostMessageW", "GetMessageW", "SetWinEventHook", "GetSystemMetrics", "LoadIconW", "GetFocus", "GetDesktopWindow", "ShowWindow", "GetClientRect", "SetCursor", "ReleaseDC", "DialogBoxParamW", "SetActiveWindow", "GetKeyboardLayout", "DefWindowProcW", "DestroyWindow", "MessageBeep", "PostQuitMessage", "GetForegroundWindow", "IsIconic", "GetWindowPlacement", "CharUpperW", "LoadStringW", "SetWindowLongW", "LoadAcceleratorsW", "GetSystemMenu", "RegisterClassExW", "LoadImageW", "LoadCursorW", "SetWindowPlacement", "CreateWindowExW", "RegisterWindowMessageW", "UpdateWindow", "SetScrollPos", "CharLowerW", "GetWindowLongW", "PeekMessageW", "EnableWindow", "DrawTextExW", "CreateDialogParamW", "GetWindowTextW", "USER32.dll", "", "", "", "Windows Shell", "", " ", " ", " ", "", "", "wwwwwwwww", "wwwwwwwww", "wwwwwwwwww", "ffffffffffff`", "gwwwwwwwwwwww`wwww", "n~~~~~~~~~~~~v", "n~~~~~~~~~~~~w`", "~~~~~~~~~~~~v", "n~~~~~~~~~~~~w`", "~~~~~~~~~~~~v", "n~~~~~~~~~~~~w`", "~~~~~~~~~~~~v", "n~~~~~~~~~~~~w`", "~~~~~~~~~~~~v", "n~~~~~~~~~~~~w`", "~vfffffff~~~v", "n~~~~~~~~~~~~w`", "ffffffff", "n~~~~~~~~~~~~w`w", "~~~~~~~~~~~~v", "n~~~~~~~~~~~~w`x", "ffffffff", "nwwwwwwww`ww", "n~~~~~~~~v", "~~~~~~~w`", "n~~~~~~~~v", "~~~~~~~w`w", "n~~~~~~~~v", "~~~~~~~w`w", "n~~~~~~~~v", "~~~~~~~w`w", "n~~~~~~~~v", "pn~~~~", "~~~p~p", "%#$*\u001f-C", "&*$#$$#$*\u001f-C", "L5'%\"\"#\"$", "L5'?)\"\"\"#", "Y3+)\"\"\"#", "rX+%\"/", "oaaaa_ep", "LRI?9\\", "z_____/VK<-", "XRG???", "4TTTTTAWK-", "999877766mv.,0A@UTTTU", "8877666.,,,&&&1TU", "YRIPPPF", "m\\.1,,,,,2TW", "FFEEEDD", ".111,,,@Tf", "OFFEEEDDDD.111111RU", "gRa``]]z", "DDD.;;;11ATW", "Ro```]]", ".:;;;;ITf", "][[[ZZZNNOO/HH::;UU", "ZZZNN/HHHHJTW", "sYR|nyywwx", "/GGGHITf", "xlllkkkjj", "/QGGGRT", "lllkkkjj/bbQQTV", "4bbbUTK", "{yywwu", "toobRTi", "||{yywuuuuu4oooTV", "uuu4nncTK", "tnnTTi", "~~||{yy4naTV", "~||{4ncTK", "3221#\u001f \"\"", "IQ#\u001f! ,$&&'", "ezst^(a6@@j", "rZ8oWFFWwwvvC:QQQRa'", "WFFFFW,)---<^", "w,)-**>R", "nLLLLZk7/5--Pb", "AH[qzz", "k7/4/;PT", "78;4O`", "eC8>=Pb", "CMGGPc", "mmdBEO]_", "^}}|tt", "AIH$+#", "z>]N?@5", "XL\\[FGE", "UTlZMSK", "V`mdRQJ\"& ", "2~hbrq_^P3-.", "nuk{safe4.", "|tyg,1", "MMM\u001fMMMAMMMNMMMKMMMFMMM@MMM7MMM,MMM!MMM", "MMM9MMMxMMM", "MMMrMMM`MMMRMMMFMMM:MMM.MMM\"MMM", "gQccUN", "MMMyMMMfMMMVMMMKMMM@MMM2MMM%MMM", "MMMjMMMXMMMLMMMAMMM4MMM%MMM", "MMMkMMMXMMMLMMMBMMM2MMM", "MMMzMMMKMMM", "MMM|MMM4MMM", "MMM?MMM", "MMMJMMM", "MMMjMMM>MMM*MMM\u001fMMM", "MMMrMMMaMMMQMMMDMMM9MMM,MMM", "MMMrMMMKMMM\u001fMMM", "MMM7MMM", "MMM?MMM", "MMM7MMM", "MMMlMMM'MMM", "MMMQMMM", "MMM:MMM", "MMMlMMM'MMM", "MMMQMMM", "MMM:MMM", "MMMmMMM'MMM", "MMMSMMM", "MMM=MMM", "MMMsMMM+MMM", "MMMWMMM", "MMM?MMM", "MMMsMMM+MMM", "MMMWMMM", "MMM?MMM", "MMMsMMM+MMM", "MMMWMMM", "MMM?MMM", "MMMtMMM+MMM", "MMMYMMM", "MMMBMMM", "MMMyMMM/MMM", "MMM^MMM\u001fMMM", "MMMFMMM", "MMM3MMM", "MMMnMMM(MMM", "MMMdMMM\"MMM", "MMMWMMM", "MMMBMMM", "MMMdMMM(MMM", "D]h@MMM)MMM", "NpEncodingDialog", "miWindowPosDY", "iWindowPosDX", "iWindowPosY", "iWindowPosX", "fMLE_is_broken", "iMarginRight", "iMarginLeft", "iMarginBottom", "iMarginTop", "szTrailer", "szHeader", "lfFaceName", "fSaveWindowPositions", "StatusBar", "iPointSize", "lfPitchAndFamily", "lfQuality", "lfClipPrecision", "lfOutPrecision", "lfCharSet", "lfStrikeOut", "lfUnderline", "lfItalic", "lfWeight", "lfOrientation", "lfEscapement", "Software\\Microsoft\\Notepad", "Lucida Console", "Out of RC string space!!", "DEV Error!", "SlipUpAcc", "/.SETUP", "MainAcc", "commdlg_help", "commdlg_FindReplace", "Notepad", "MAINACC", "SLIPUPACC", "NPENCODINGDIALOG", "Ctrl+N", "&Open...", "Ctrl+O", "Ctrl+S", "Save &As...", "Page Set&up...", "&Print...", "Ctrl+P", "Ctrl+Z", "Ctrl+X", "Ctrl+C", "&Paste", "Ctrl+V", "De&lete", "&Find...", "Ctrl+F", "Find &Next", "&Replace...", "Ctrl+H", "&Go To...", "Ctrl+G", "Select &All", "Ctrl+A", "Time/&Date", "F&ormat", " &Word Wrap", "!&Font...", "&Status Bar", "@&Help Topics", "A&About Notepad", "Notepad", "MS Shell Dlg", "Cancel", "Now Printing", "MS Shell Dlg", "&Encoding:", "Page Setup", "MS Shell Dlg", "Si&ze:", "&Source:", "Orientation", "P&ortrait", "L&andscape", "Margins", "&Left:", "&Right:", "&Bottom:", "&Header:", "&Footer:", "Cancel", "&Printer...", "Preview", "Goto line", "MS Shell Dlg", "&Line Number:", "Cancel", "VS_VERSION_INFO", "StringFileInfo", "040904B0", "CompanyName", "Microsoft Corporation", "FileDescription", "Notepad", "FileVersion", "5.1.2600.0 (xpclient.010817-1148)", "InternalName", "Notepad", "LegalCopyright", " Microsoft Corporation. All rights reserved.", "OriginalFilename", "NOTEPAD.EXE", "ProductName", "Microsoft", " Windows", " Operating System", "ProductVersion", "5.1.2600.0", "VarFileInfo", "Translation", "notepad.hlp", "Page &p", "Text Documents (*.txt)", "All Files ", "Save As", "You cannot quit Windows because the Save As dialog", "box in Notepad is open. Switch to Notepad, close this", "dialog box, and then try quitting Windows again.", "Cannot access your printer.", "Be sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly.u%%", "You do not have permission to open this file. See the owner of the file or an administrator to obtain permission.", " This file contains characters in Unicode format which will be lost if you save this file as an ANSI encoded text file. To keep the Unicode information, click Cancel below and then select one of the Unicode options from the Encoding drop down list. Continue?BPage too small to print one line.", "Try printing using smaller font.", "Common Dialog error (0x%04x)", "Notepad - Goto Line", "Line number out of range", "ICannot open the %% file.", "Make sure a disk is in the drive you specified.;Cannot find the %% file.", "Do you want to create a new file?FThe text in the %% file has changed.", "Do you want to save the changes?", "Untitled", " - Notepad", "Cannot find \"%%\"", "Not enough memory available to complete this operation. Quit one or more applications to increase available memory, and then try again.KThe %% file is too large for Notepad.", "Use another editor to edit the file.", "NotepadEFailed to Initialize File Dialogs. Change the Filename and try again.", "Failed to Initialize Print Dialogs. Make sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly.", "Cannot print the %% file. Be sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly.", "Not a valid file name.MCannot create the %% file.", "Make sure that the path and filename are correct.RCannot carry out the Word Wrap command because there is too much text in the file.", "Unicode", "Unicode big endian", "Page %d", " Ln %d, Col %d ", " Compressed,", " Encrypted,", " Hidden,", " Offline,", " ReadOnly,", " System,", "fFpPtTdDcCrRlL", "Text Document" ], "metadata": { "output": { "pcap": { "basename": "dump.pcap", "sha256": "fd72e17b35ae9df3a65766988451261ca9fe8b59d3ecaa35c419a32d7003411c", "dirname": "" } } } }