Skip to content

Instantly share code, notes, and snippets.

@Jaid
Last active June 29, 2022 14:15
Show Gist options
  • Save Jaid/ebdb76202ef8ca1589acb3bd5d999f82 to your computer and use it in GitHub Desktop.
Save Jaid/ebdb76202ef8ca1589acb3bd5d999f82 to your computer and use it in GitHub Desktop.
BarRaider Stream Deck Extensions Registry Access (analyzed with Sysinternals Process Monitor)
We can't make this file beautiful and searchable because it's too large.
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:28:19,8254308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8254382","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8254501","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8254559","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8254618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8254687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8254775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8254865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8254944","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8254999","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8255088","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8255213","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8255266","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8255356","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8255438","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8256541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8256605","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8256719","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8256807","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8256876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8256984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8257053","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8257122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8257182","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8257394","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8257454","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8257516","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8257574","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8257635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8257714","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8257778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8257865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8257944","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8257997","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8258113","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8258256","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8258310","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8258400","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8258483","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8259533","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8259590","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8259690","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8259774","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8259835","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8259901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8259960","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8260027","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8260160","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8260528","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8260619","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8260721","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8260797","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8260860","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8260931","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8260997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8261097","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8261190","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8261247","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8261355","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8261542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8261595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8261697","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8261824","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8262953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8263007","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8263112","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8263199","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8263265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8263334","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8263396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8263462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8263521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8263744","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8263812","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8263912","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8263977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8264037","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8264106","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8264169","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8264257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8264334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8264392","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8264482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8264606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8264659","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8264766","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8264864","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8265915","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8265968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8266064","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8266146","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8266205","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8266292","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8266352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8266449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8266517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8266769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8266835","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8266900","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8266956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8267015","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8267081","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8267146","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8267236","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8267312","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8267364","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8267451","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8267574","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8267632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8267718","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8267801","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,9484491","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 1960, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:20,6923744","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6923851","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6924067","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,6924287","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,6924368","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,6924459","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,6924563","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,6924647","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,6924708","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,6925052","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6925124","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,6925218","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,6925282","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,6925354","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,6925432","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,6925502","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,6925630","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,6925747","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6925804","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6925916","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,6926099","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6926157","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6926256","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,6926356","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,7543420","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 33972, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:20,7555317","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7555461","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,7555650","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,7555733","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,7555795","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,7555869","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,7555929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,7556181","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7556252","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,7556342","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,7556432","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,7556499","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,7556609","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,7556674","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,7556797","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,7556876","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7556944","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,7557081","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7557144","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,7557227","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8317865","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8317964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8318171","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8318416","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8318505","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8318595","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8318659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8318736","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8318798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8319188","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8319261","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8319342","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8319402","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8319469","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8319554","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8319618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8319738","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8319829","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8319883","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8319982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8320160","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8320212","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8320307","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8320398","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8321701","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8321756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8321857","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8321941","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8322003","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8322069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8322129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8322195","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8322253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8322473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8322535","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8322599","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8322655","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8322717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8322784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8322847","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8322935","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8323012","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8323065","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8323154","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8323275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8323327","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8323414","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8323497","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8324556","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8324608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8324703","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8324781","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8324840","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8324951","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8325039","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8325109","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8325167","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8325383","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8325445","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8325511","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8325566","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8325625","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8325692","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8325755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8325839","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8325917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8325968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8326062","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8326204","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8326260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8326369","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8326499","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8327564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8327616","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8327711","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8327789","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8327849","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8327920","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8327979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8328044","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8328104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8328315","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8328376","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8328440","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8328497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8328556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8328622","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8328683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8328771","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8328854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8328905","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8328990","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8329110","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8329163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8329249","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8329332","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8330384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8330436","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8330549","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8330625","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8330689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8330754","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8330814","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8330877","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8330936","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8331148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8331209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8331272","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8331328","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8331415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8331484","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8331546","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8331633","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8331710","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8331761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8331847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8331969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8332020","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8332105","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8332202","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8333260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8333313","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8333407","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8333484","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8333545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8333609","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8333687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8333752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8333810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8334020","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334080","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8334143","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8334199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8334259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8334325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8334404","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8334491","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8334569","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8334710","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8334887","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8335032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8335115","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8336219","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8336272","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8336366","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8336475","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8336535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8336601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8336661","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8336726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8336787","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8337002","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337067","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8337132","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8337188","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8337248","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8337315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8337377","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8337464","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8337541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337594","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8337701","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8337831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337884","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8337985","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8338069","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8339126","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8339179","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8339273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8339351","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8339410","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8339476","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8339536","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8339603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8339662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8339872","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8339934","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8339996","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8340052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8340112","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8340178","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8340239","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8340325","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8340402","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8340454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8340539","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8340658","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8340715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8340802","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8340884","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,6998615","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,6998725","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,6998898","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,6999087","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,6999191","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,6999453","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,6999642","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,6999762","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,6999827","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7000207","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7000299","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,7000417","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,7000488","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,7000560","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7000651","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,7000730","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7000931","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,7001264","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7001353","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,7001550","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7001840","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7001893","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,7002000","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7002140","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,7628686","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7628853","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,7629037","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,7629130","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,7629195","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7629267","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,7629326","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7629603","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7629680","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,7629781","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,7629977","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,7630043","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7630141","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,7630201","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7630316","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,7630426","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7630503","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7630646","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7630720","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7630823","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8392835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8392929","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8393124","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8393316","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8393410","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8393512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8393588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8393675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8393749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8394163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8394245","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8394335","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8394433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8394514","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8394601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8394681","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8394814","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8394920","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8394986","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8395109","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8395308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8395399","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8395517","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8395633","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8397161","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8397246","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8397384","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8397487","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8397563","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8397646","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8397719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8397799","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8397871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8398144","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8398219","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8398298","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8398367","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8398439","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8398522","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8398596","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8398707","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8398801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8398864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8398988","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8399137","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8399200","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8399319","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8399422","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8400729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8400792","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8400908","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8401057","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8401132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8401212","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8401304","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8401542","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8401760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8402242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8402334","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8402455","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8402520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8402588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8402668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8402734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8402849","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8402945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8403004","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8403134","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8403333","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8403386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8403482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8403577","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8404997","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8405054","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8405181","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8405284","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8405363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8405436","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8405511","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8405590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8405651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8405874","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8405938","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8406004","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8406059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8406118","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8406186","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8406247","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8406334","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8406445","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8406503","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8406600","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8406725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8406777","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8406865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8406948","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8408147","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8408218","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8408373","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8408483","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8408588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8408672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8408749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8408821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8408879","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8409115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409178","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8409245","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8409305","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8409363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8409430","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8409493","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8409581","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8409660","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409710","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8409798","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8409924","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409975","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8410059","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8410141","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8411222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8411275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8411370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8411504","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8411564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8411630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8411705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8411770","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8411827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8412042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8412104","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8412169","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8412226","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8412284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8412349","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8412409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8412496","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8412611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8412669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8412784","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8412953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8413030","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8413150","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8413263","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8414443","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8414499","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8414606","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8414692","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8414752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8414820","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8414878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8414941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8414999","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8415232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8415293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8415356","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8415413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8415496","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8415562","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8415622","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8415711","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8415790","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8415841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8415927","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8416051","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8416102","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8416185","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8416267","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8417361","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8417413","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8417509","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8417586","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8417645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8417708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8417767","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8417830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8417889","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8418099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418158","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8418220","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8418274","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8418332","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8418398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8418461","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8418545","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8418622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418673","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8418758","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8418876","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8419010","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8419091","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,0408484","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 28164, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:22,7072988","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7073152","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7073457","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,7073693","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7073801","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,7073938","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,7074002","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7074074","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,7074136","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7074521","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7074751","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,7074892","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7074982","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,7075062","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7075194","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,7075272","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7075407","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,7075522","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7075579","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7075710","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7075924","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7075988","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7076096","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7076224","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,7703530","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7703673","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,7703855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,7703958","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,7704055","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7704137","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,7704197","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7704493","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7704562","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,7704652","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7704713","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,7704777","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7704849","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,7704912","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7705029","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,7705109","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7705172","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7705318","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7705380","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7705489","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8467692","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8467817","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8468030","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8468276","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8468368","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8468463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8468535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8468612","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8468725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8469276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8469360","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8469452","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8469662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8469742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8469826","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8469899","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8470057","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8470168","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8470230","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8470339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8470527","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8470587","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8470690","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8470795","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8472226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8472308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8472426","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8472518","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8472583","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8472657","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8472722","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8472795","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8472861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8473112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8473180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8473250","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8473311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8473389","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8473461","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8473527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8473622","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8473706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8473763","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8473862","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8474008","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8474059","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8474144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8474226","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8475297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8475349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8475446","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8475521","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8475579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8475725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8475785","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8475848","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8475906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8476122","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8476187","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8476253","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8476311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8476372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8476470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8476538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8476627","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8476706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8476758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8476933","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8477060","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8477113","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8477199","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8477281","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8478331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8478524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8478638","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8478723","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8478833","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8478900","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8478958","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8479029","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8479086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8479309","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8479402","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8479471","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8479529","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8479587","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8479653","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8479721","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8479815","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8479896","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8479976","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8480070","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8480196","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8480253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8480343","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8480427","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8481515","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8481570","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8481667","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8481752","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8481821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8481888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8481948","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8482010","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8482070","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8482289","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8482356","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8482420","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8482475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8482532","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8482598","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8482659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8482750","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8482827","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8482879","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8482965","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8483090","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8483145","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8483228","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8483331","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8484421","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8484476","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8484569","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8484646","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8484705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8484787","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8484846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8484909","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8484968","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8485177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8485241","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8485305","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8485373","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8485432","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8485499","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8485566","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8485656","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8485731","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8485786","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8485871","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8485989","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8486042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8486128","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8486209","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8487271","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8487325","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8487422","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8487501","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8487559","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8487624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8487683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8487746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8487803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8488052","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488119","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8488183","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8488256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8488315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8488406","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8488469","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8488559","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8488643","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488704","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8488792","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8488914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8489055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8489136","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8490172","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8490226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8490319","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8490394","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8490453","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8490521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8490582","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8490645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8490703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8490913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8490975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8491048","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8491110","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8491170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8491236","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8491296","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8491411","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8491491","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8491543","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8491629","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8491755","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8491807","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8491911","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8491993","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,4512698","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 4744"
"10:28:23,5598458","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 18948"
"10:28:23,5598757","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 10116"
"10:28:23,5601506","com.barraider.voicemeeter.exe","8808","TCP Send","kubernetes.docker.internal:60488 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51955887, endtime: 51955887, seqnum: 0, connid: 0"
"10:28:23,5602286","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 2900"
"10:28:23,7148484","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7148672","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7148946","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,7149188","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7149309","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,7149460","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,7149550","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7149667","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,7149759","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7150187","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7150298","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,7150419","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7150513","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,7150621","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7150749","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,7150845","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7151012","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,7151241","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7151515","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7151704","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7152040","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7152096","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7152196","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7152333","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,7778981","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7779112","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,7779289","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,7779419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,7779516","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7779596","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,7779656","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7779939","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780010","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,7780092","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7780154","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,7780216","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7780311","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,7780371","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7780494","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,7780575","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780639","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7780770","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780834","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7780932","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8542996","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8543125","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8543401","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8543649","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8543774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8543907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8543996","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8544096","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8544183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8544676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8544795","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8544922","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8545013","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8545118","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8545229","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8545322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8545487","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8545613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8545688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8545860","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8546094","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8546169","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8546313","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8546490","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8548130","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8548219","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8548400","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8548535","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8548633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8548737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8548825","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8548923","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8549012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8549352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8549450","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8549551","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8549638","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8549740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8549841","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8549929","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8550063","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8550180","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8550257","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8550396","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8550583","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8550662","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8550797","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8550931","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8552415","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8552492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8552650","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8552788","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8552882","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8553013","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8553122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8553220","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8553325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8553685","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8553787","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8553889","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8553972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8554063","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8554165","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8554257","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8554400","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8554523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8554611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8554753","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8554938","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8555015","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8555203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8555354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8556848","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8556927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8557084","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8557235","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8557326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8557422","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8557505","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8557598","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8557681","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8558003","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8558106","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8558205","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8558289","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8558376","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8558470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8558556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8558690","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8558810","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8558895","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8559038","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8559223","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8559300","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8559433","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8559567","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8561019","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8561107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8561259","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8561412","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8561512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8561611","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8561697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8561798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8561888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8562228","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8562327","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8562434","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8562516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8562607","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8562710","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8562801","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8562941","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8563060","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8563141","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8563274","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8563486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8563564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8563722","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8563868","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8565324","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8565405","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8565563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8565687","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8565783","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8565899","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8565988","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8566085","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8566174","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8566535","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8566642","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8566747","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8566839","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8566948","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8567052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8567138","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8567273","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8567402","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8567484","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8567632","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8567822","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8567905","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8568039","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8568176","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8569633","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8569717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8569868","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8570002","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8570091","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8570195","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8570280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8570374","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8570459","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8570777","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8570872","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8570970","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8571097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8571191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8571297","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8571417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8571561","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8571678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8571763","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8571904","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8572090","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8572169","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8572303","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8572441","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8573913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8573992","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8574156","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8574280","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8574369","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8574462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8574550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8574649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8574734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8575053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8575157","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8575263","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8575354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8575446","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8575550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8575645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8575779","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8575894","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8575980","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8576120","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8576316","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8576434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8576579","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8576732","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,6603992","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:24,6604205","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:12, LastWriteTime: 29.06.2022 10:28:12, ChangeTime: 29.06.2022 10:28:12, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:24,6604284","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,6605348","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:24,6605657","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:12, LastWriteTime: 29.06.2022 10:28:12, ChangeTime: 29.06.2022 10:28:12, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:24,6605762","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,6606802","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: 0, OpenResult: Opened"
"10:28:24,6607156","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 0, Length: 0, Priority: Normal"
"10:28:24,6607340","com.barraider.obstools.exe","7132","QueryStandardInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","AllocationSize: 143.360, EndOfFile: 142.497, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:28:24,6607446","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 142.497, Length: 79, Priority: Normal"
"10:28:24,6608559","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,7222924","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7223008","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7223198","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,7223387","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7223466","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,7223548","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,7223609","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7223679","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,7223740","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7224043","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7224112","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,7224186","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7224243","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,7224308","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7224378","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,7224441","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7224550","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,7224639","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7224690","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7224786","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7224964","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7225014","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7225103","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7225193","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,7853050","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7853200","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,7853391","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,7853503","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,7853565","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7853637","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,7853696","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7853970","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854040","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,7854127","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7854187","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,7854249","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7854319","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,7854400","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7854519","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,7854595","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854660","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7854803","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854867","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7854950","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8617515","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8617605","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8617790","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8617972","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8618052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8618141","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8618209","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8618290","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8618350","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8618734","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8618805","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8618881","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8618978","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8619054","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8619129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8619194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8619310","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8619399","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8619451","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8619577","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8619746","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8619797","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8619891","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8619984","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8621197","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8621252","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8621353","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8621467","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8621527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8621615","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8621674","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8621738","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8621796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8622014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622075","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8622140","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8622194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8622253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8622322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8622382","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8622467","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8622542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622592","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8622678","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8622798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622849","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8622932","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8623012","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8624057","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8624108","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8624203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8624277","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8624334","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8624397","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8624454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8624517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8624573","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8624781","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8624843","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8624905","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8624959","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8625018","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8625083","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8625143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8625225","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8625301","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8625352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8625434","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8625567","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8625617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8625702","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8625787","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8627097","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8627165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8627320","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8627435","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8627518","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8627589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8627649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8627716","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8627775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8628035","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628101","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8628170","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8628227","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8628288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8628354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8628417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8628518","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8628599","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628651","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8628744","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8628882","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8629020","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8629106","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8630156","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8630206","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8630300","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8630380","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8630472","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8630555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8630617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8630682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8630740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8630964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631024","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8631088","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8631159","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8631218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8631282","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8631342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8631457","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8631535","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631586","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8631672","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8631793","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631843","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8631926","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8632011","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8633148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8633199","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8633293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8633368","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8633426","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8633489","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8633546","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8633611","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8633668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8633875","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8633935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8633996","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8634051","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8634109","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8634172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8634231","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8634316","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8634397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8634452","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8634543","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8634665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8634715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8634802","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8634888","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8635942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8635992","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8636101","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8636178","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8636235","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8636298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8636355","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8636447","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8636506","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8636720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8636779","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8636843","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8636898","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8636956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8637021","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8637081","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8637166","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8637242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8637291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8637374","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8637491","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8637541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8637624","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8637705","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8638764","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8638814","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8638906","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8639000","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8639058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8639136","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8639193","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8639255","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8639312","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8639516","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8639575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8639637","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8639691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8639749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8639812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8639871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8639954","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8640028","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8640079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8640196","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8640328","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8640379","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8640477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8640563","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,9548917","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 4744, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,0633995","com.barraider.voicemeeter.exe","8808","Thread Exit","","SUCCESS","Thread ID: 10116, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,1562619","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 34356, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,1716748","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:25,5282649","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 30620"
"10:28:25,5283047","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 16784"
"10:28:25,5285594","com.barraider.twitchtools.exe","36544","TCP Send","kubernetes.docker.internal:60487 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51956084, endtime: 51956084, seqnum: 0, connid: 0"
"10:28:25,5286857","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 8000"
"10:28:25,6911649","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:25,7297923","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7298011","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7298191","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,7298381","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7298478","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,7298592","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,7298796","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7299155","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,7299228","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7299632","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7299744","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,7299879","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7299943","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,7300011","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7300092","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,7300159","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7300280","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,7300553","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7300627","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7300770","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7301033","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7301090","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7301215","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7301346","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,7927386","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7927516","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,7927690","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,7927772","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,7927844","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7927946","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,7928004","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7928273","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7928348","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,7928509","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7928578","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,7928641","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7928711","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,7928771","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7928888","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,7928983","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7929051","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7929220","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7929284","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7929373","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8692551","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8692644","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8692854","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8693052","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8693161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8693254","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8693320","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8693499","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8693794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8694303","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8694405","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8694530","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8694597","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8694664","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8694744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8694813","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8694940","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8695034","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8695098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8695222","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8695419","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8695486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8695620","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8695721","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8697165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8697253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8697365","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8697479","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8697544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8697625","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8697687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8697765","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8697827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8698059","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698129","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8698199","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8698257","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8698315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8698381","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8698443","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8698536","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8698618","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8698776","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8698902","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698960","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8699049","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8699134","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8700198","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8700255","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8700355","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8700442","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8700516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8700584","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8700658","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8700737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8700796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8701011","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8701076","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8701143","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8701218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8701279","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8701345","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8701435","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8701524","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8701613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8701716","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8701833","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8701969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8702066","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8702164","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8702254","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8703314","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8703381","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8703483","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8703562","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8703633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8703699","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8703758","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8703830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8703917","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8704134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8704198","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8704300","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8704360","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8704421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8704487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8704556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8704684","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8704764","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8704816","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8704908","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8705031","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8705083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8705169","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8705272","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8706322","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8706406","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8706505","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8706619","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8706684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8706752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8706811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8706875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8706943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8707159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8707226","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8707298","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8707363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8707423","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8707490","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8707551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8707637","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8707717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8707769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8707864","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8707988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8708075","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8708167","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8708257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8709337","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8709398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8709495","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8709575","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8709635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8709701","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8709760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8709835","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8709894","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8710113","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8710187","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8710278","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8710366","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8710434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8710533","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8710662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8710758","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8710837","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8710891","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8710982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8711111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8711164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8711258","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8711341","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8712425","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8712481","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8712583","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8712664","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8712763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8712833","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8712891","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8712961","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8713037","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8713256","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8713326","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8713393","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8713450","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8713509","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8713576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8713638","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8713723","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8713803","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8713859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8713956","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8714079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8714134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8714239","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8714326","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8715386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8715557","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8715662","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8715741","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8715803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8715868","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8715928","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8715993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8716052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8716263","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8716358","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8716483","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8716549","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8716613","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8716680","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8716804","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8717007","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8717131","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8717198","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8717315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8717486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8717539","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8717705","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8717820","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,2041656","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7086508","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7087140","com.barraider.obstools.exe","7132","TCP Disconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7091792","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7092801","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 6800"
"10:28:26,7093367","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 14720"
"10:28:26,7095002","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7095672","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 4216"
"10:28:26,7096098","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7096887","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7097331","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7097795","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7098200","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7098642","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099076","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099504","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099905","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7100328","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7100767","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7101164","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7101584","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7102054","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7373098","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7373262","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7373525","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,7373749","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,7373856","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,7373969","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,7374058","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,7374153","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,7374231","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,7374589","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7374678","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,7374778","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,7374859","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,7375079","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,7375194","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,7375276","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,7375427","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,7375592","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7375667","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7375797","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,7376024","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7376099","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7376223","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,7376352","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8002355","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8002487","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8002690","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8002772","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8002831","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8002905","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8002962","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8003210","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8003279","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8003357","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8003417","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8003496","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8003564","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8003623","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8003729","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8003807","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8003869","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8004005","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8004066","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8004146","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8767684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8767785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8767994","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8768198","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8768281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8768387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8768455","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8768527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8768588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8768974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8769098","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8769203","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8769269","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8769337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8769411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8769488","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8769631","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8769745","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8769832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8769949","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8770135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8770189","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8770284","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8770379","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8771684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8771743","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8771864","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8771949","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8772012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8772079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8772139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8772204","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8772282","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8772508","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8772570","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8772635","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8772691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8772751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8772819","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8772881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8772968","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8773047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8773100","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8773204","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8773331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8773384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8773473","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8773556","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8774640","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8774695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8774791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8774871","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8774933","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8774997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8775057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8775122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8775181","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8775397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8775458","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8775523","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8775586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8775645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8775718","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8775779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8775865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8775949","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8776001","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8776088","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8776209","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8776260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8776349","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8776463","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8777525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8777577","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8777671","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8777751","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8777810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8777875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8777934","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8777999","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8778057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8778270","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8778330","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8778394","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8778450","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8778508","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8778575","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8778637","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8778722","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8778798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8778850","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8778936","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8779056","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8779107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8779197","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8779283","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8780360","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8780413","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8780560","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8780647","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8780712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8780779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8780840","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8780907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8780983","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8781197","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8781258","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8781323","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8781407","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8781470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8781538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8781600","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8781687","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8781765","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8781818","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8781905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8782044","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8782096","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8782183","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8782270","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8783332","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8783385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8783480","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8783557","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8783617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8783684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8783743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8783810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8783869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8784082","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8784207","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8784263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8784343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8784412","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8784475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8784562","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8784639","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784692","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8784778","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8784898","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784951","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8785052","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8785135","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8786196","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8786247","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8786348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8786458","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8786520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8786590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8786650","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8786715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8786775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8786988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787049","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8787113","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8787168","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8787228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8787295","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8787358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8787444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8787524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787575","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8787683","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8787804","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787856","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8787965","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8788049","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8789105","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8789159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8789273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8789350","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8789409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8789482","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8789557","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8789632","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8789719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8789968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790033","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8790099","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8790155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8790215","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8790283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8790347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8790470","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8790553","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8790710","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8790831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790897","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8790997","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8791082","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,0322869","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 16784, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:27,7448185","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7448276","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,7448476","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,7448676","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,7448770","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,7448860","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,7448923","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,7448994","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,7449055","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,7449387","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7449472","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,7449577","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,7449652","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,7449724","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,7449799","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,7449879","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,7450020","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,7450118","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7450179","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,7450281","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,7450459","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7450530","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,7450634","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,7450732","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8079732","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8079885","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8080048","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8080126","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8080190","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8080259","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8080350","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8080679","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8080757","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8080845","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8080906","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8080969","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8081038","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8081098","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8081211","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8081287","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8081351","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8081824","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8081957","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8082133","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8842946","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8843039","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8843276","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8843472","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8843558","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8843652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8843716","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8843791","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8843851","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8844243","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8844312","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8844391","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8844449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8844519","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8844592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8844697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8844819","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8844913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8844969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8845072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8845271","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8845324","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8845421","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8845513","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8846795","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8846849","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8846952","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8847038","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8847117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8847184","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8847245","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8847311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8847386","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8847613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8847674","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8847740","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8847799","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8847857","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8847925","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8847986","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8848074","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8848152","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8848204","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8848293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8848420","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8848472","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8848563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8848645","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8849706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8849758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8849854","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8849932","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8849991","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8850056","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8850116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8850182","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8850240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8850451","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8850512","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8850574","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8850630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8850689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8850756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8850858","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8850953","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8851032","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8851083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8851173","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8851296","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8851348","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8851458","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8851542","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8853878","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8853934","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8854038","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8854127","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8854191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8854258","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8854317","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8854381","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8854440","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8854669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8854733","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8854798","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8854854","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8854914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8854979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8855041","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8855132","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8855211","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8855262","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8855350","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8855473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8855525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8855612","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8855695","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8856786","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8856840","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8856934","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8857035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8857095","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8857160","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8857219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8857283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8857358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8857570","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8857631","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8857695","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8857751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8857810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8857874","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8857935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8858021","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8858098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8858148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8858235","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8858356","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8858409","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8858493","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8858575","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8859617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8859670","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8859768","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8859843","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8859901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8859966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8860025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8860089","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8860147","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8860357","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8860417","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8860479","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8860534","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8860593","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8860659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8860720","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8860805","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8860881","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8860932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8861018","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8861136","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8861187","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8861272","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8861354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8862434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8862487","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8862580","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8862656","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8862715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8862779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8862869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8862937","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8862998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8863209","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8863270","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8863333","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8863389","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8863448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8863514","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8863579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8863671","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8863753","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8863805","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8863891","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8864009","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8864062","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8864146","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8864229","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8865290","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8865343","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8865440","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8865516","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8865592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8865657","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8865717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8865782","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8865856","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8866067","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8866127","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8866190","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8866263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8866323","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8866417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8866481","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8866567","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8866647","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8866699","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8866786","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8866906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8866958","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8867043","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8867125","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,2099052","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 6800, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:28,4578058","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 36212"
"10:28:28,7522755","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,7522863","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,7523102","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,7523316","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,7523413","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,7523528","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,7523606","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,7523694","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,7523770","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,7524124","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,7524210","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,7524302","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,7524376","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,7524457","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,7524547","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,7524625","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,7524771","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,7524881","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,7524951","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,7525073","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,7525271","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,7525337","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,7525477","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,7525701","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8152840","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8152976","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8153159","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8153264","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8153325","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8153401","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8153459","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8153717","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8153787","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8153870","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8153929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8153992","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8154060","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8154142","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8154251","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8154328","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8154391","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8154525","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8154585","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8154666","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8917541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8917626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8917846","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8918014","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8918097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8918183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8918248","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8918322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8918385","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8918756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8918826","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8918900","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8918960","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8919029","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8919127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8919194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8919300","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8919390","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8919444","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8919538","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8919704","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8919758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8919852","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8919942","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8921166","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8921217","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8921315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8921434","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8921497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8921564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8921624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8921707","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8921766","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8921984","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8922045","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8922112","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8922168","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8922226","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8922293","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8922356","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8922444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8922523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8922615","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8922712","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8922841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8922893","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8922981","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8923070","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8924135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8924189","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8924290","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8924368","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8924428","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8924495","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8924555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8924624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8924683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8924894","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8924959","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8925023","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8925080","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8925140","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8925205","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8925268","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8925354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8925433","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8925486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8925575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8925700","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8925751","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8925855","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8925939","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8927024","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8927076","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8927186","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8927264","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8927325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8927391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8927451","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8927515","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8927574","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8927783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8927847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8927910","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8927966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8928025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8928096","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8928161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8928248","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8928325","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8928379","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8928479","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8928602","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8928654","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8928741","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8928824","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8929873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8929925","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8930019","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8930096","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8930155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8930221","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8930281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8930363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8930423","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8930630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8930691","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8930754","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8930810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8930870","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8930935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8930997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8931084","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8931160","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8931212","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8931299","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8931448","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8931501","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8931588","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8931672","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8932717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8932769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8932863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8932940","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8932998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8933067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8933127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8933199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8933259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8933501","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8933563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8933628","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8933684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8933744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8933812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8933876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8933964","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8934041","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8934094","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8934180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8934299","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8934353","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8934439","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8934522","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8935576","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8935628","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8935741","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8935817","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8935876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8935941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8936000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8936064","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8936123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8936331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8936419","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8936486","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8936544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8936604","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8936670","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8936752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8936838","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8936917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8936969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8937054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8937177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8937229","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8937317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8937399","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8938442","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8938494","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8938587","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8938683","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8938742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8938806","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8938866","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8938944","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8939004","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8939214","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8939274","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8939338","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8939394","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8939453","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8939523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8939585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8939673","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8939752","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8939808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8939893","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8940012","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8940080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8940180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8940262","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,7598470","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,7598717","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,7599003","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,7599242","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,7599344","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,7599456","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,7599537","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,7599626","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,7599703","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,7600088","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,7600185","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,7600285","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,7600362","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,7600446","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,7600541","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,7600629","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,7600770","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,7600886","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,7600956","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,7601084","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,7601303","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,7601368","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,7601526","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,7601634","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,8228495","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8228635","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,8228823","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,8228908","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,8228968","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8229038","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,8229097","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8229366","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8229438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,8229520","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8229582","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,8229646","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8229752","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,8229812","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8229924","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,8230001","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8230066","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8230204","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8230265","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8230347","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,8992572","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8992662","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8992876","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,8993068","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8993177","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,8993269","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,8993337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8993415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,8993481","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8993873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8993950","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,8994033","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8994099","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,8994171","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8994250","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,8994321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8994442","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,8994537","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8994596","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8994703","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8994889","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8994945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8995046","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8995148","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,8996889","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8996988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8997240","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,8997430","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8997521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,8997610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,8997673","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8997778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,8997842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8998222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8998295","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,8998373","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8998433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,8998501","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8998576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,8998640","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8998761","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,8998851","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8998907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8999007","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8999202","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8999254","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8999348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8999440","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9000854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9000907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9001007","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9001089","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9001151","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9001219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9001278","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9001343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9001449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9001688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9001752","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9001819","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9001875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9001974","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9002049","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9002117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9002213","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9002300","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9002351","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9002442","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9002573","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9002625","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9002713","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9002801","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9003873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9003924","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9004026","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9004103","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9004162","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9004230","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9004288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9004353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9004411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9004627","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9004687","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9004750","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9004806","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9004864","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9004931","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9004994","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9005080","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9005159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9005210","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9005296","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9005416","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9005468","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9005554","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9005635","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9006752","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9006808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9006905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9006984","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9007045","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9007111","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9007170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9007259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9007319","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9007543","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9007603","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9007667","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9007723","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9007783","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9007848","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9007911","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9007997","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9008074","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9008126","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9008216","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9008338","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9008389","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9008477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9008560","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9009607","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9009658","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9009753","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9009850","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9009908","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9009973","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9010032","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9010097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9010155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9010365","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9010424","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9010487","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9010543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9010602","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9010684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9010746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9010829","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9010907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9010959","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9011046","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9011165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9011216","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9011317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9011440","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9012510","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9012563","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9012664","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9012741","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9012817","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9012918","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9012980","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9013054","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9013117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9013333","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9013401","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9013467","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9013523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9013584","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9013652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9013713","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9013802","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9013879","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9013931","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9014017","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9014143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9014195","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9014281","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9014365","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9015407","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9015460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9015553","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9015628","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9015687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9015752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9015811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9015895","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9015954","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9016163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9016223","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9016286","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9016342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9016445","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9016524","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9016591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9016679","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9016761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9016813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9016919","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9017047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9017099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9017201","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9017284","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9614077","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 36212, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:30,7672698","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 35168"
"10:28:30,7672811","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,7672923","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,7673149","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,7673356","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,7673438","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,7673526","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,7673592","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,7673665","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,7673727","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,7674045","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,7674122","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,7674207","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,7674269","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,7674336","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,7674412","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,7674484","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,7674609","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,7674702","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,7674756","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,7674856","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,7675023","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,7675074","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,7675201","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,7675295","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,8302367","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,8302536","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,8302755","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,8302855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,8302929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,8303016","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,8303128","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,8303442","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,8303532","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,8303640","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,8303717","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,8303808","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,8303880","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,8303938","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,8304056","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,8304133","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,8304197","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,8304327","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,8304390","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,8304474","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9067852","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9067949","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9068224","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9068472","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9068567","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9068688","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9068766","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9068841","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9068903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9069291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9069369","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9069453","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9069513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9069585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9069666","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9069732","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9069856","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9069953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9070006","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9070105","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9070279","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9070331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9070426","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9070522","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9072882","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9072939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9073072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9073161","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9073225","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9073294","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9073357","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9074132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9074221","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9074496","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9074564","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9074637","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9074697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9074760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9074828","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9074890","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9074982","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9075061","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9075114","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9075209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9075365","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9075417","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9075510","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9075596","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9076758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9076812","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9076910","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9076990","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9077050","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9077116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9077176","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9077240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9077298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9077512","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9077571","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9077635","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9077690","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9077749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9077821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9077885","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9077970","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9078047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9078098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9078184","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9078304","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9078355","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9078440","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9078523","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9079571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9079622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9079721","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9079798","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9079861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9079925","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9079983","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9080046","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9080104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9080311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9080370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9080435","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9080491","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9080550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9080653","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9080719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9080808","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9080888","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9080939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9081026","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9081149","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9081201","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9081288","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9081444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9082506","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9082559","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9082657","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9082736","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9082796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9082861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9082921","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9083005","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9083065","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9083276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9083339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9083403","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9083460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9083519","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9083586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9083648","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9083734","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9083811","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9083864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9083952","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9084076","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9084129","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9084215","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9084299","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9085401","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9085454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9085551","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9085652","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9085712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9085779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9085837","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9085902","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9085964","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9086173","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9086234","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9086297","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9086354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9086462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9086531","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9086594","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9086682","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9086760","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9086813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9086900","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9087022","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9087073","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9087158","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9087244","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9088296","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9088349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9088444","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9088521","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9088579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9088649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9088708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9088772","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9088831","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9089038","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9089098","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9089160","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9089216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9089276","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9089342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9089403","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9089489","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9089565","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9089618","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9089705","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9089822","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9089873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9089975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9090059","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9091104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9091157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9091266","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9091349","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9091435","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9091502","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9091591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9091675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9091734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9091947","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9092009","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9092072","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9092127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9092185","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9092253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9092314","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9092398","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9092474","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9092525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9092613","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9092731","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9092782","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9092865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9092946","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,7748384","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,7748499","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,7748722","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,7748916","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,7749032","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,7749147","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,7749237","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,7749370","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,7749464","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,7749874","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,7749980","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,7750105","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,7750190","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,7750283","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,7750382","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,7750482","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,7750728","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,7750837","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,7750892","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,7750998","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,7751186","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,7751239","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,7751335","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,7751475","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,8376993","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,8377138","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,8377328","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,8377419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,8377482","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,8377554","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,8377613","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,8377886","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,8377957","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,8378042","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,8378104","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,8378170","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,8378242","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,8378303","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,8378417","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,8378492","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,8378556","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,8378707","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,8378771","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,8378855","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9142734","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9142831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9143055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9143296","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9143386","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9143475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9143544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9143621","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9143685","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9144083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9144157","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9144241","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9144353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9144454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9144536","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9144618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9144757","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9144870","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9144927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9145034","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9145226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9145280","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9145379","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9145472","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9146781","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9146835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9146935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9147020","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9147082","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9147152","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9147213","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9147284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9147343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9147564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9147629","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9147695","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9147753","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9147812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9147880","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9147942","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9148032","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9148110","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9148164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9148254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9148382","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9148435","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9148525","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9148609","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9149688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9149741","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9149837","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9149916","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9149977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9150042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9150101","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9150187","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9150247","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9150462","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9150523","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9150588","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9150645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9150705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9150772","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9150834","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9150925","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9151004","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9151056","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9151144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9151265","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9151318","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9151441","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9151526","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9152588","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9152641","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9152738","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9152815","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9152875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9152941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9153000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9153064","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9153123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9153339","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9153402","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9153469","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9153526","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9153586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9153672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9153735","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9153822","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9153900","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9153952","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9154043","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9154164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9154217","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9154306","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9154388","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9155447","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9155498","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9155596","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9155672","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9155789","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9155859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9155920","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9155984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9156042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9156261","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9156324","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9156419","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9156477","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9156537","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9156603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9156667","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9156753","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9156832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9156885","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9156988","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9157112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9157164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9157251","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9157348","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9158412","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9158465","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9158562","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9158638","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9158697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9158763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9158822","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9158906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9158964","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9159176","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9159238","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9159301","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9159357","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9159416","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9159482","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9159543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9159629","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9159707","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9159758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9159844","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9159963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9160014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9160100","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9160181","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9161234","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9161288","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9161381","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9161485","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9161545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9161610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9161669","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9161744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9161803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9162014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9162075","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9162138","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9162194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9162253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9162321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9162383","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9162469","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9162547","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9162598","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9162683","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9162801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9162853","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9162938","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9163020","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9164082","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9164134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9164229","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9164304","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9164363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9164428","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9164486","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9164551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9164610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9164821","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9164881","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9164944","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9165000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9165058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9165123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9165184","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9165269","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9165346","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9165398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9165563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9165695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9165747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9165837","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9165920","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,2709458","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 35168, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:32,5962832","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 17004"
"10:28:32,7822888","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,7822987","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,7823263","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,7823473","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,7823564","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,7823657","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,7823725","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,7823800","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,7823863","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,7824203","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,7824277","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,7824362","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,7824422","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,7824489","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,7824564","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,7824628","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,7824756","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,7824850","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,7824905","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,7825005","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,7825199","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,7825252","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,7825353","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,7825446","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,8452332","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,8452464","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,8452644","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,8452747","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,8452808","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,8452878","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,8452935","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,8453196","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,8453267","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,8453382","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,8453460","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,8453524","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,8453592","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,8453675","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,8453790","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,8453868","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,8453933","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,8454070","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,8454132","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,8454215","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9217783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9217878","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9218099","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9218301","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9218388","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9218502","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9218567","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9218641","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9218703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9219085","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9219159","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9219243","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9219304","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9219372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9219446","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9219510","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9219634","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9219729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9219785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9219894","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9220062","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9220115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9220212","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9220307","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9221608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9221663","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9221764","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9221849","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9221912","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9221979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9222039","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9222103","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9222164","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9222383","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9222446","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9222511","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9222568","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9222628","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9222695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9222756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9222850","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9222927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9222979","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9223085","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9223208","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9223260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9223348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9223432","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9224492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9224545","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9224642","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9224720","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9224778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9224843","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9224902","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9224966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9225025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9225242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9225305","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9225369","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9225425","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9225485","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9225555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9225617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9225702","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9225780","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9225832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9225922","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9226042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9226093","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9226195","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9226278","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9227381","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9227434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9227544","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9227623","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9227682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9227763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9227823","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9227888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9227946","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9228202","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9228281","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9228348","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9228405","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9228465","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9228534","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9228599","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9228688","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9228766","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9228819","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9228905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9229028","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9229080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9229168","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9229252","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9230320","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9230373","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9230468","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9230546","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9230606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9230675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9230735","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9230803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9230863","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9231084","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9231145","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9231209","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9231265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9231325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9231420","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9231487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9231575","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9231653","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9231708","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9231795","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9231917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9231969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9232058","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9232140","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9233192","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9233245","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9233359","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9233437","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9233497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9233563","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9233623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9233687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9233746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9233962","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9234023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9234086","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9234143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9234203","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9234271","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9234351","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9234441","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9234518","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9234571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9234659","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9234783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9234835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9234921","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9235005","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9236055","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9236107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9236203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9236280","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9236339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9236448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9236510","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9236575","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9236635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9236848","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9236910","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9236974","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9237031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9237090","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9237157","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9237219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9237305","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9237382","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9237435","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9237538","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9237680","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9237739","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9237824","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9237909","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9238977","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9239066","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9239164","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9239273","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9239333","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9239398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9239458","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9239522","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9239580","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9239791","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9239852","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9240688","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9240755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9240815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9240881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9240944","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9241031","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9241111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9241163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9241254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9241408","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9241461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9241605","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9241694","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,7899308","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,7899429","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,7899702","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,7900024","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,7900169","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,7900284","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,7900375","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,7900469","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,7900547","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,7900915","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,7901008","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,7901107","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,7901200","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,7901290","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,7901381","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,7901508","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,7901656","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,7901781","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,7901852","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,7902019","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,7902263","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,7902341","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,7902511","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,7902646","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,8530559","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,8530758","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,8530995","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,8531129","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,8531212","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,8531313","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,8531419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,8531736","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,8531812","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,8531906","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,8531981","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,8532047","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,8532120","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,8532181","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,8532294","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,8532372","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,8532438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,8532584","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,8532647","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,8532757","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9292943","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9293048","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9293254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9293500","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9293589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9293689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9293755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9293830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9293892","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9294285","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9294358","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9294442","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9294503","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9294576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9294652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9294724","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9295011","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9295120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9295193","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9295307","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9295520","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9295595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9295709","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9295834","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9297171","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9297225","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9297329","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9297417","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9297479","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9297552","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9297612","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9297682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9297742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9297967","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9298033","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9298102","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9298158","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9298218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9298284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9298347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9298438","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9298517","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9298569","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9298666","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9298815","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9298867","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9298956","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9299039","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9300123","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9300179","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9300280","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9300364","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9300424","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9300490","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9300548","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9300613","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9300672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9300896","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9300957","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9301022","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9301078","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9301175","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9301253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9301314","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9301428","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9301509","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9301562","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9301656","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9302138","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9302194","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9302288","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9302379","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9303758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9303813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9303912","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9304080","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9304142","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9304228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9304288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9304353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9304411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9304632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9304694","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9304759","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9304815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9304893","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9304958","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9305020","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9305109","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9305187","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9305239","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9305332","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9305456","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9305507","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9305592","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9305674","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9306775","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9306830","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9306926","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9307004","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9307067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9307132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9307190","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9307254","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9307311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9307523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9307584","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9307647","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9307703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9307762","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9307830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9307891","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9307976","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9308053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9308104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9308190","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9308311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9308362","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9308448","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9308557","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9309626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9309680","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9309781","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9309861","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9309936","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9310002","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9310061","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9310125","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9310183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9310397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9310614","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9310684","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9310743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9310804","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9310871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9310933","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9311020","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9311099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9311151","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9311241","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9311526","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9311584","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9311674","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9311760","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9313120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9313175","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9313273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9313354","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9313437","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9313527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9313586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9313651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9313709","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9313932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9313993","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9314059","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9314114","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9314172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9314237","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9314298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9314384","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9314462","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9314513","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9314598","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9314725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9314776","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9314861","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9314942","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9316111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9316163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9316259","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9316337","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9316420","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9316486","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9316545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9316608","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9316665","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9316875","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9316936","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9317000","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9317055","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9317113","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9317180","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9317240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9317326","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9317403","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9317454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9317555","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9317676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9317727","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9317812","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9317894","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,1000120","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 17004, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:34,5338022","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 26244"
"10:28:34,5803397","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 7520"
"10:28:34,5803730","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 24548"
"10:28:34,7130133","com.barraider.twitchtools.exe","36544","TCP Send","host.docker.internal:57022 -> ec2-52-32-254-227.us-west-2.compute.amazonaws.com:https","SUCCESS","Length: 35, startime: 51956985, endtime: 51957003, seqnum: 0, connid: 0"
"10:28:34,7972922","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,7973059","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,7973542","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,7973810","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,7973933","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,7974049","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,7974149","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,7974251","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,7974370","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,7974776","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,7974886","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,7975001","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,7975086","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,7975188","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,7975297","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,7975392","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,7975555","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,7975685","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,7975767","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,7975921","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,7976161","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,7976234","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,7976435","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,7976586","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,8602614","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,8602774","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,8602980","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,8603070","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,8603177","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,8603253","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,8603313","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,8603595","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,8603667","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,8603761","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,8603826","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,8603891","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,8603980","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,8604044","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,8604170","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,8604254","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,8604322","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,8604464","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,8604529","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,8604618","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9368096","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9368205","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9368409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9368612","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9368703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9368794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9368859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9368935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9369002","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9369412","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9369501","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9369583","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9369644","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9369725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9369811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9369921","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9370049","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9370143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9370208","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9370314","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9370553","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9370609","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9370708","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9370811","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9372158","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9372216","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9372317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9372400","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9372462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9372531","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9372593","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9372659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9372719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9372943","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9373006","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9373073","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9373129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9373263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9373333","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9373398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9373489","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9373566","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9373621","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9373709","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9373833","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9373885","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9373976","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9374060","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9375124","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9375177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9375275","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9375353","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9375413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9375478","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9375538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9375606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9375685","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9375899","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9375961","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9376026","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9376082","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9376143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9376216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9376279","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9376373","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9376483","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9376536","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9376625","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9376748","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9376800","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9376889","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9376973","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9378037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9378091","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9378188","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9378291","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9378353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9378419","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9378480","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9378551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9378610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9378826","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9378887","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9378954","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9379011","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9379072","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9379138","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9379201","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9379289","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9379367","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9379419","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9379505","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9379626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9379678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9379765","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9379848","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9380898","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9380951","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9381054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9381131","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9381206","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9381272","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9381331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9381396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9381487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9381738","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9381806","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9381871","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9381935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9382010","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9382086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9382156","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9382263","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9382347","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9382414","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9382508","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9382630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9382684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9382771","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9382854","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9383912","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9383965","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9384062","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9384139","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9384199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9384265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9384325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9384391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9384470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9384683","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9384745","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9384809","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9384867","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9384926","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9384993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9385056","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9385142","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9385221","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9385274","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9385363","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9385484","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9385538","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9385631","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9385714","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9386806","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9386860","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9386957","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9387035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9387095","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9387163","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9387223","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9387288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9387349","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9387561","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9387626","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9387691","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9387748","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9387808","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9387876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9387938","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9388027","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9388104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9388157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9388243","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9388364","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9388416","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9388502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9388585","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9389641","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9389695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9389792","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9389868","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9389932","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9389998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9390066","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9390133","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9390193","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9390406","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9390469","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9390533","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9390590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9390651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9390737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9390800","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9390887","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9390966","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9391019","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9391107","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9391230","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9391284","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9391370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9391499","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,8048975","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8049060","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,8049269","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,8049473","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,8049555","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,8049646","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,8049711","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,8049783","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,8049843","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,8050156","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8050226","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,8050305","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,8050365","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,8050431","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,8050503","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,8050566","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,8050676","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,8050762","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8050815","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,8050916","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,8051092","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8051144","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,8051240","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,8051333","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,8678552","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8678703","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,8678896","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,8678982","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,8679046","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,8679118","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,8679177","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,8679453","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8679523","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,8679609","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,8679670","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,8679733","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,8679802","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,8679862","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,8680031","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,8680117","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8680183","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,8680321","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8680428","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,8680514","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9443081","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9443165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9443349","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9443535","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9443618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9443708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9443774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9443884","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9443946","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9444340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9444409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9444489","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9444550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9444619","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9444696","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9444760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9444873","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9444968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9445021","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9445122","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9445301","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9445352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9445476","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9445568","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9446866","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9446918","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9447023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9447109","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9447170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9447238","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9447297","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9447362","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9447421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9447643","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9447704","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9447769","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9447824","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9447884","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9447972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9448035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9448123","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9448206","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9448259","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9448351","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9448473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9448524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9448612","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9448695","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9449756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9449808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9449903","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9450002","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9450062","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9450126","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9450185","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9450249","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9450308","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9450520","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9450584","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9450648","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9450704","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9450763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9450828","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9450890","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9450976","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9451053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9451104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9451190","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9451310","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9451361","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9451477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9451562","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9452617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9452669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9452770","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9452848","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9452906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9452972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9453030","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9453115","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9453174","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9453428","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9453502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9453566","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9453623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9453682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9453748","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9453809","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9453895","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9453971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9454024","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9454110","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9454233","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9454284","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9454373","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9454454","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9455510","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9455561","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9455654","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9455730","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9455788","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9455856","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9455914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9455977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9456035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9456249","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9456309","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9456370","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9456452","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9456512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9456579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9456640","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9456726","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9456805","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9456857","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9456942","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9457064","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9457115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9457200","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9457282","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9458341","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9458393","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9458511","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9458592","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9458651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9458715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9458774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9458836","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9458894","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9459112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9459173","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9459236","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9459291","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9459350","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9459414","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9459476","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9459561","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9459637","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9459688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9459774","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9459912","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9459963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9460047","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9460128","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9461175","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9461227","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9461321","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9461422","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9461485","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9461551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9461609","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9461691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9461750","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9461963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9462023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9462087","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9462142","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9462201","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9462265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9462326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9462413","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9462489","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9462540","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9462624","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9462747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9462798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9462888","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9462986","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9464037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9464116","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9464253","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9464332","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9464390","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9464454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9464513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9464576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9464634","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9464846","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9464906","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9464969","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9465024","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9465083","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9465148","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9465244","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9465331","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9465409","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9465460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9465599","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9465719","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9465770","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9465857","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9465940","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,0374536","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 26244, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:36,0839102","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 24548, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:36,7194112","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:36,7194326","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:24, LastWriteTime: 29.06.2022 10:28:24, ChangeTime: 29.06.2022 10:28:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:36,7194421","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:36,7195677","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:36,7195851","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:24, LastWriteTime: 29.06.2022 10:28:24, ChangeTime: 29.06.2022 10:28:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:36,7195934","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:36,7196731","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: 0, OpenResult: Opened"
"10:28:36,7197087","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 0, Length: 0, Priority: Normal"
"10:28:36,7197227","com.barraider.obstools.exe","7132","QueryStandardInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","AllocationSize: 143.360, EndOfFile: 142.576, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:28:36,7197332","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 142.576, Length: 79, Priority: Normal"
"10:28:36,7198237","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:36,8122963","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8123051","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,8123273","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,8123466","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,8123575","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,8123663","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,8123727","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,8123797","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,8123858","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,8124173","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8124246","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,8124322","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,8124383","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,8124451","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,8124526","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,8124589","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,8124708","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,8124801","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8124854","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,8124954","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,8125128","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8125180","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,8125276","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,8125385","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,8755101","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8755310","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,8755620","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,8755754","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,8755855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,8755958","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,8756090","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,8756483","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8756596","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,8756734","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,8756831","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,8756933","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,8757042","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,8757135","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,8757303","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,8757420","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8757533","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,8757743","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8757848","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,8757973","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9517881","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9517974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9518233","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9518428","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9518523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9518626","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9518701","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9518803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9518878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9519291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9519366","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9519445","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9519504","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9519576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9519650","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9519717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9519837","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9519933","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9519988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9520087","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9520261","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9520315","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9520455","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9520553","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9521864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9521919","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9522023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9522109","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9522172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9522246","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9522308","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9522373","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9522433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9522659","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9522724","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9522789","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9522847","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9522907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9522995","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9523061","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9523153","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9523232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9523285","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9523375","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9523551","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9523609","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9523702","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9523786","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9524858","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9524910","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9525035","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9525117","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9525310","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9525378","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9525438","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9525503","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9525561","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9525783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9525847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9525916","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9525971","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9526031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9526102","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9526164","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9526254","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9526335","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9526388","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9526502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9526630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9526682","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9526767","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9526849","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9527919","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9527971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9528069","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9528148","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9528207","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9528273","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9528331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9528415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9528474","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9528686","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9528749","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9528813","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9528869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9528930","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9528996","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9529059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9529144","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9529232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9529283","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9529370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9529506","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9529557","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9529644","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9529728","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9530789","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9530841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9530935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9531014","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9531074","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9531140","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9531198","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9531263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9531322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9531571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9531636","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9531700","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9531756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9531815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9531881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9531943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9532028","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9532106","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9532162","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9532283","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9532414","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9532466","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9532555","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9532641","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9533715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9533768","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9533863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9533941","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9534001","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9534069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9534131","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9534197","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9534256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9534480","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9534544","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9534609","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9534666","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9534726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9534793","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9534860","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9534948","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9535025","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9535080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9535172","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9535293","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9535344","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9535431","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9535515","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9536611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9536665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9536764","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9536865","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9536927","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9536993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9537052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9537135","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9537196","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9537410","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9537472","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9537537","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9537596","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9537656","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9537726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9537790","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9537879","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9537960","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9538013","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9538117","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9538240","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9538297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9538385","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9538468","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9539527","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9539581","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9539677","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9539754","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9539814","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9539883","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9539943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9540007","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9540067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9540276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9540339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9540403","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9540460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9540520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9540589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9540671","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9540761","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9540840","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9540892","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9540980","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9541135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9541194","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9541280","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9541363","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,2306627","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:37,6028145","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 13496"
"10:28:37,6028804","com.barraider.supermacro.exe","35152","TCP Send","kubernetes.docker.internal:60489 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51957292, endtime: 51957292, seqnum: 0, connid: 0"
"10:28:37,6029903","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 17968"
"10:28:37,7421547","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:37,8198212","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8198329","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,8198595","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,8198832","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,8198945","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,8199062","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,8199151","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,8199252","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,8199325","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,8199793","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8199892","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,8200011","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,8200123","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,8200264","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,8200403","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,8200524","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,8200704","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,8200839","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8200922","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,8201066","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,8201310","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8201374","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,8201551","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,8201687","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,8828942","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8829112","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,8829300","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,8829383","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,8829445","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,8829539","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,8829596","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,8829862","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8829935","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,8830020","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,8830080","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,8830144","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,8830213","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,8830272","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,8830387","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,8830463","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8830529","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,8830662","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8830724","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,8830807","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9592687","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9592778","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9592961","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9593144","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9593228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9593317","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9593382","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9593458","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9593518","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9593900","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9593975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9594054","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9594113","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9594181","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9594283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9594352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9594473","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9594568","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9594622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9594729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9594899","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9594953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9595045","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9595134","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9596385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9596473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9596575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9596926","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9597059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9597152","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9597219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9597347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9597408","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9597807","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9597897","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9598005","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9598067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9598135","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9598214","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9598281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9598387","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9598481","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9598538","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9598682","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9598877","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9598931","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9599032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9599130","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9600589","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9600644","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9600749","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9600842","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9600903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9600973","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9601033","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9601100","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9601159","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9601380","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9601482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9601551","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9601610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9601672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9601740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9601802","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9601890","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9601972","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9602025","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9602114","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9602245","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9602298","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9602409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9602493","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9603567","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9603619","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9603761","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9603844","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9603905","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9603971","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9604030","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9604094","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9604153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9604370","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9604431","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9604494","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9604551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9604610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9604677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9604741","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9604828","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9604906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9604959","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9605047","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9605172","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9605227","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9605315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9605399","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9606490","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9606542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9606641","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9606718","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9606777","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9606842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9606901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9606984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9607042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9607257","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9607318","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9607381","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9607438","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9607498","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9607570","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9607630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9607718","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9607833","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9607893","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9607981","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9608104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9608157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9608244","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9608328","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9609386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9609439","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9609537","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9609616","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9609677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9609743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9609802","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9609869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9609928","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9610139","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9610200","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9610265","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9610321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9610384","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9610454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9610516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9610603","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9610681","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9610733","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9610819","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9610939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9610991","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9611077","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9611160","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9612249","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9612302","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9612398","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9612476","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9612535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9612601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9612662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9612727","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9612786","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9612996","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9613055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9613120","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9613175","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9613235","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9613302","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9613387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9613474","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9613552","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9613606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9613695","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9613816","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9613867","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9613954","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9614036","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9615088","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9615139","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9615236","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9615349","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9615409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9615475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9615535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9615636","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9615696","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9615910","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9615971","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9616036","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9616093","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9616153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9616218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9616280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9616368","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9616475","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9616530","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9616616","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9616738","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9616791","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9616877","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9616959","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,2536534","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:38,4707974","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 15716"
"10:28:38,5637967","com.barraider.voicemeeter.exe","8808","Thread Exit","","SUCCESS","Thread ID: 15976, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:38,7651582","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:38,7652483","com.barraider.obstools.exe","7132","TCP Disconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:38,7657144","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7659120","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7660034","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7660528","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7661232","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7665332","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7666218","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7666831","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7667569","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7668051","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7668462","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7668859","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7669261","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7669647","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7670053","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7670442","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,8273075","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8273165","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,8273371","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,8273569","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,8273653","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,8273742","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,8273807","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,8273880","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,8273941","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,8274259","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8274329","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,8274405","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,8274465","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,8274532","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,8274607","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,8274671","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,8274786","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,8274883","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8274938","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,8275042","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,8275222","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8275274","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,8275368","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,8275462","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,8902298","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8902438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,8902628","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,8902713","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,8902778","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,8902848","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,8902905","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,8903176","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8903246","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,8903331","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,8903392","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,8903454","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,8903526","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,8903622","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,8903746","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,8903823","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8903887","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,8904017","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8904079","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,8904161","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9667665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9667788","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9668008","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9668242","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9668339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9668451","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9668530","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9668619","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9668695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9669120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9669209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9669304","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9669377","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9669463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9669553","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9669635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9669767","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9669876","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9669941","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9670072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9670274","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9670340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9670460","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9670574","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9672143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9672210","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9672339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9672440","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9672517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9672602","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9672677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9672781","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9672855","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9673128","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9673206","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9673287","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9673358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9673432","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9673513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9673591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9673702","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9673801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9673865","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9674006","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9674157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9674222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9674333","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9674436","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9675755","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9675820","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9675939","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9676035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9676110","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9676191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9676263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9676342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9676448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9676715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9676791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9676869","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9676939","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9677012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9677104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9677178","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9677264","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9677340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9677391","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9677476","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9677596","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9677649","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9677736","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9677817","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9678873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9678925","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9679024","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9679101","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9679177","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9679242","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9679300","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9679364","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9679421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9679632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9679693","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9679756","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9679852","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9679927","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9679992","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9680057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9680144","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9680222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9680275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9680362","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9680482","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9680533","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9680617","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9680700","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9681785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9681838","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9681935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9682011","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9682073","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9682139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9682198","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9682280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9682339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9682549","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9682610","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9682674","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9682729","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9682788","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9682853","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9682914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9683003","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9683079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9683130","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9683216","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9683338","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9683390","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9683477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9683572","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9684623","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9684675","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9684771","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9684847","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9684907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9684976","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9685035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9685100","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9685161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9685367","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9685430","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9685492","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9685564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9685623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9685689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9685751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9685837","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9685914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9685968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9686054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9686173","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9686224","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9686309","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9686420","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9687482","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9687534","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9687628","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9687705","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9687763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9687827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9687887","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9687951","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9688009","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9688224","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9688283","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9688346","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9688401","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9688460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9688525","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9688585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9688673","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9688748","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9688799","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9688883","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9689001","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9689052","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9689137","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9689220","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9690264","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9690316","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9690413","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9690488","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9690581","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9690652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9690712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9690798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9690859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9691070","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9691136","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9691205","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9691262","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9691322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9691413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9691479","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9691624","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9691705","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9691761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9691866","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9691989","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9692042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9692127","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9692210","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,1063885","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 13496, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:39,8349161","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8349255","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,8349473","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,8349666","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,8349758","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,8349859","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,8349932","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,8350021","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,8350091","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,8350428","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8350511","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,8350604","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,8350675","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,8350753","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,8350839","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,8350916","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,8351043","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,8351145","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8351208","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,8351324","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,8351516","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8351577","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,8351686","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,8351854","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,8980158","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8980297","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,8980477","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,8980559","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,8980619","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,8980728","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,8980790","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,8981070","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8981142","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,8981224","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,8981284","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,8981348","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,8981417","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,8981477","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,8981595","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,8981675","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8981740","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,8981870","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8981932","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,8982013","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9743766","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9743859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9744030","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9744174","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9744256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9744340","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9744470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9744543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9744603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9744961","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9745032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9745105","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9745165","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9745227","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9745301","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9745368","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9745433","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 15716, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:39,9745478","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9745601","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9745682","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9745834","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9746011","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9746061","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9746153","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9746253","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9747460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9747514","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9747610","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9747693","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9747949","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9748058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9748123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9748237","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9748299","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9748640","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9748732","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9748845","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9748905","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9748970","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9749047","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9749116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9749229","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9749319","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9749375","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9749495","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9749681","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9749733","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9749844","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9749936","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9751342","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9751395","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9751515","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9751608","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9751668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9751733","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9751793","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9751859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9751916","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9752135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9752199","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9752268","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9752337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9752397","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9752463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9752524","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9752611","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9752720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9752774","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9752865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9752987","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9753037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9753123","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9753205","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9754297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9754354","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9754462","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9754545","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9754605","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9754673","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9754731","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9754794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9754852","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9755065","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9755126","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9755190","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9755246","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9755305","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9755372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9755434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9755520","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9755595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9755648","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9755733","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9755854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9755906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9755993","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9756076","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9757103","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9757154","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9757265","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9757342","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9757403","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9757466","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9757527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9757606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9757664","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9757904","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9757968","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9758032","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9758087","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9758146","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9758212","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9758273","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9758358","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9758441","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9758492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9758577","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9758697","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9758747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9758831","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9758911","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9759942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9759994","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9760090","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9760166","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9760223","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9760287","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9760345","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9760408","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9760466","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9760670","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9760729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9760791","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9760846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9760904","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9760970","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9761031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9761124","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9761201","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9761253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9761342","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9761461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9761512","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9761598","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9761678","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9762725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9762782","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9762879","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9762975","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9763034","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9763098","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9763156","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9763220","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9763277","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9763485","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9763545","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9763607","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9763662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9763720","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9763784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9763878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9763963","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9764048","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9764100","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9764211","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9764334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9764385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9764471","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9764550","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9765585","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9765636","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9765730","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9765808","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9765866","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9765929","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9765987","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9766069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9766127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9766334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9766395","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9766457","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9766512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9766570","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9766635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9766695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9766782","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9766859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9766914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9766997","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9767136","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9767186","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9767272","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9767353","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,5328988","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 6184, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:40,8431511","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,8431606","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,8431782","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,8431939","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,8432031","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,8432125","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,8432200","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,8432286","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,8432360","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,8432661","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,8432745","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,8432837","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,8432909","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,8432987","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,8433075","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,8433153","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,8433285","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,8433410","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,8433468","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,8433594","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,8433796","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,8433857","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,8433957","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,8434055","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9058335","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9058476","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9058658","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9058739","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9058801","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9058907","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9058972","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9059263","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9059331","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9059414","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9059473","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9059533","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9059602","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9059659","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9059775","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9059852","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9059914","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9060056","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9060117","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9060196","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9824504","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9824597","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9824774","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9824938","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9825033","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9825129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9825196","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9825280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9825355","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9825720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9825791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9825864","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9825923","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9825989","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9826086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9826153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9826257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9826346","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9826398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9826511","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9826676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9826729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9826819","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9826922","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9828135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9828246","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9828348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9828429","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9828489","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9828555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9828633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9828702","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9828761","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9828974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9829034","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9829097","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9829153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9829213","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9829278","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9829339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9829427","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9829502","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9829555","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9829641","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9829765","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9829815","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9829901","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9829983","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9831026","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9831078","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9831176","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9831254","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9831326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9831391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9831448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9831513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9831571","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9831779","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9831840","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9831902","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9831956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9832015","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9832079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9832139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9832223","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9832299","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9832349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9832434","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9832552","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9832603","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9832687","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9832768","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9834581","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9834664","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9834847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9835068","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9835154","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9835240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9835313","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9835385","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9835448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9835793","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9835863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9835947","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9836011","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9836079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9836154","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9836218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9836333","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9836420","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9836473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9836570","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9836736","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9836788","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9836881","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9836972","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9838041","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9838095","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9838270","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9838364","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9838426","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9838494","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9838592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9838659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9838718","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9838945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9839009","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9839074","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9839130","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9839190","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9839256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9839319","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9839410","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9839489","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9839542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9839632","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9839757","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9839810","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9839902","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9839987","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9841049","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9841101","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9841213","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9841292","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9841352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9841418","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9841477","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9841542","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9841600","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9841809","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9841869","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9841931","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9841986","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9842045","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9842111","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9842173","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9842258","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9842334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9842384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9842469","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9842587","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9842636","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9842721","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9842805","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9843918","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9843971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9844067","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9844146","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9844207","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9844272","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9844331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9844396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9844454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9844669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9844729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9844792","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9844846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9844903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9844969","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9845052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9845137","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9845250","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9845311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9845404","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9845539","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9845606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9845707","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9845790","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9846835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9846887","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9846982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9847062","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9847122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9847186","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9847263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9847328","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9847387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9847600","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9847663","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9847726","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9847784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9847842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9847907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9847969","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9848056","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9848144","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9848238","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9848334","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9848461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9848513","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9848597","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9848680","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:41,7111308","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 14720, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:41,7111991","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 4216, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:41,8506085","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,8506171","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:41,8506351","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:41,8506532","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,8506616","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:41,8506708","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:41,8506777","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,8506854","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:41,8506919","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,8507222","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,8507298","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:41,8507383","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,8507449","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:41,8507520","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,8507598","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:41,8507665","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,8507782","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:41,8507876","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,8507934","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:41,8508041","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:41,8508221","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,8508277","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:41,8508379","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:41,8508476","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:41,9135710","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9135851","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:41,9136030","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:41,9136146","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:41,9136209","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,9136282","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:41,9136339","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,9136600","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9136669","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:41,9136752","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,9136812","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:41,9136873","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,9136940","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:41,9136998","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,9137120","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:41,9137196","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9137263","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:41,9137406","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9137468","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:41,9137548","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:41,9900696","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9900778","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:41,9900964","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:41,9901138","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,9901216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:41,9901300","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:41,9901362","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,9901434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:41,9901496","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,9901861","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9901931","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:41,9902007","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,9902065","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:41,9902133","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,9902206","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:41,9902270","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,9902382","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:41,9902471","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Han
View raw

(Sorry about that, but we can’t show files that are this big right now.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment