\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574118145,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|13280|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":3216973161},{"eventId":21,"localTimestamp":1574118143,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574118145,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":688976684},{"eventId":327683,"localTimestamp":1574118744,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574118746,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|11084|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":209684604},{"eventId":21,"localTimestamp":1574118744,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574118746,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":3439272704},{"eventId":327683,"localTimestamp":1574121746,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574121749,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|8996|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":420220509},{"eventId":21,"localTimestamp":1574121747,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574121749,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":2363432767},{"eventId":327683,"localTimestamp":1574122347,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574122347,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|5108|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":3534403094},{"eventId":21,"localTimestamp":1574122347,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574122347,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":935877980},{"eventId":327683,"localTimestamp":1574125349,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574125348,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|17288|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":1209831461},{"eventId":21,"localTimestamp":1574125350,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574125348,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":3301191293},{"eventId":327683,"localTimestamp":1574125950,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574125946,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|1596|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":3007765637},{"eventId":21,"localTimestamp":1574125950,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574125946,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":345579481},{"eventId":327683,"localTimestamp":1574129243,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574129244,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|17600|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":230936798},{"eventId":21,"localTimestamp":1574129243,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574129244,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":3981818764},{"eventId":327683,"localTimestamp":1574129843,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574129842,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|14564|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":561958180},{"eventId":21,"localTimestamp":1574129843,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574129843,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":497298490},{"eventId":327683,"localTimestamp":1574132846,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574132849,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|1600|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":2294782040},{"eventId":21,"localTimestamp":1574132846,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574132849,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":4199339432},{"eventId":327683,"localTimestamp":1574133446,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574133450,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|16448|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":547164086},{"eventId":21,"localTimestamp":1574133446,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574133450,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":303484819},{"eventId":327683,"localTimestamp":1574136449,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574136451,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|3432|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":3367924120},{"eventId":21,"localTimestamp":1574136449,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574136451,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":3766592256},{"eventId":327683,"localTimestamp":1574137049,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574137052,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|9952|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":2157705244},{"eventId":21,"localTimestamp":1574137049,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574137052,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":4184901803},{"eventId":327683,"localTimestamp":1574140342,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574140344,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|12696|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":2749989602},{"eventId":21,"localTimestamp":1574140342,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574140344,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":1137746599},{"eventId":327683,"localTimestamp":1574140942,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574140942,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|14028|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":34796523},{"eventId":21,"localTimestamp":1574140942,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574140942,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":3460583169},{"eventId":327683,"localTimestamp":1574143945,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574143947,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"treepath":"SGTool.exe|10072|360se.exe|12616|explorer.exe|2904|userinit.exe|2872|winlogon.exe|2520|smss.exe|2488|smss.exe|304|System|4||0","ucrc":178379894},{"eventId":21,"localTimestamp":1574143945,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574143947,"subject":{"process":"C:\\Program Files (x86)\\SogouInput\\9.5.0.3399\\SGTool.exe","type":"kernel_event","user":"Administrator"},"ucrc":3752696423},{"eventId":327683,"localTimestamp":1574144545,"newMachineId":"c80cfe797ee7cd7c456c708e9fd38204","object":{"file":"c:\\users\\administrator\\appdata\\locallow\\sogoupy\\temp.dll"},"operation":"create","result":1,"standardTimestamp":1574144548,"subject":{"proc