Last active
June 29, 2022 14:15
-
-
Save Jaid/ebdb76202ef8ca1589acb3bd5d999f82 to your computer and use it in GitHub Desktop.
BarRaider Stream Deck Extensions Registry Access (analyzed with Sysinternals Process Monitor)
We can't make this file beautiful and searchable because it's too large.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"Time of Day","Process Name","PID","Operation","Path","Result","Detail" | |
"10:28:19,8254308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8254382","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:19,8254501","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8254559","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8254618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8254687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:19,8254775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8254865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:19,8254944","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8254999","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8255088","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8255213","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8255266","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8255356","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8255438","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:19,8256541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8256605","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8256719","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:19,8256807","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8256876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:19,8256984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8257053","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:19,8257122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:19,8257182","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:19,8257394","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8257454","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:19,8257516","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8257574","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8257635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8257714","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:19,8257778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8257865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:19,8257944","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8257997","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8258113","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8258256","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8258310","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8258400","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8258483","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:19,8259533","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8259590","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8259690","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:19,8259774","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8259835","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:19,8259901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8259960","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:19,8260027","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:19,8260160","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:19,8260528","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8260619","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:19,8260721","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8260797","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8260860","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8260931","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:19,8260997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8261097","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:19,8261190","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8261247","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8261355","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8261542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8261595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8261697","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8261824","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:19,8262953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8263007","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8263112","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:19,8263199","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8263265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:19,8263334","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8263396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:19,8263462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:19,8263521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:19,8263744","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8263812","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:19,8263912","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8263977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8264037","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8264106","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:19,8264169","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8264257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:19,8264334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8264392","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8264482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8264606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8264659","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8264766","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8264864","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:19,8265915","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8265968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8266064","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:19,8266146","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8266205","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:19,8266292","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8266352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:19,8266449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:19,8266517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:19,8266769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8266835","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:19,8266900","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:19,8266956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:19,8267015","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8267081","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:19,8267146","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:19,8267236","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:19,8267312","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8267364","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8267451","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8267574","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:19,8267632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:19,8267718","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:19,8267801","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:19,9484491","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 1960, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:20,6923744","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,6923851","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,6924067","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,6924287","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,6924368","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,6924459","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,6924563","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,6924647","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,6924708","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,6925052","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,6925124","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,6925218","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,6925282","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,6925354","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,6925432","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,6925502","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,6925630","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,6925747","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,6925804","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,6925916","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,6926099","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,6926157","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,6926256","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,6926356","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,7543420","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 33972, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:20,7555317","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,7555461","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,7555650","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,7555733","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,7555795","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,7555869","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,7555929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,7556181","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,7556252","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,7556342","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,7556432","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,7556499","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,7556609","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,7556674","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,7556797","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,7556876","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,7556944","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,7557081","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,7557144","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,7557227","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,8317865","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8317964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8318171","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,8318416","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8318505","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,8318595","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8318659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8318736","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,8318798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8319188","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8319261","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,8319342","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8319402","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8319469","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8319554","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,8319618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8319738","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,8319829","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8319883","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8319982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8320160","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8320212","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8320307","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8320398","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,8321701","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8321756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8321857","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,8321941","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8322003","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,8322069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8322129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8322195","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,8322253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8322473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8322535","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,8322599","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8322655","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8322717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8322784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,8322847","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8322935","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,8323012","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8323065","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8323154","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8323275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8323327","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8323414","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8323497","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,8324556","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8324608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8324703","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,8324781","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8324840","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,8324951","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8325039","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8325109","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,8325167","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8325383","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8325445","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,8325511","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8325566","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8325625","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8325692","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,8325755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8325839","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,8325917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8325968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8326062","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8326204","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8326260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8326369","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8326499","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,8327564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8327616","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8327711","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,8327789","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8327849","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,8327920","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8327979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8328044","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,8328104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8328315","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8328376","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,8328440","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8328497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8328556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8328622","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,8328683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8328771","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,8328854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8328905","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8328990","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8329110","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8329163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8329249","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8329332","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,8330384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8330436","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8330549","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,8330625","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8330689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,8330754","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8330814","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8330877","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,8330936","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8331148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8331209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,8331272","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8331328","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8331415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8331484","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,8331546","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8331633","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,8331710","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8331761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8331847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8331969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8332020","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8332105","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8332202","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,8333260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8333313","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8333407","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,8333484","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8333545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,8333609","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8333687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8333752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,8333810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8334020","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8334080","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,8334143","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8334199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8334259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8334325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,8334404","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8334491","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,8334569","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8334622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8334710","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8334887","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8334942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8335032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8335115","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,8336219","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8336272","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8336366","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,8336475","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8336535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,8336601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8336661","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8336726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,8336787","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8337002","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8337067","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,8337132","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8337188","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8337248","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8337315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,8337377","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8337464","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,8337541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8337594","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8337701","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8337831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8337884","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8337985","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8338069","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:20,8339126","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8339179","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8339273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:20,8339351","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8339410","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:20,8339476","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8339536","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8339603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:20,8339662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:20,8339872","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8339934","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:20,8339996","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:20,8340052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:20,8340112","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8340178","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:20,8340239","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:20,8340325","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:20,8340402","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8340454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8340539","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8340658","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:20,8340715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:20,8340802","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:20,8340884","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,6998615","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,6998725","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,6998898","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,6999087","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,6999191","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,6999453","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,6999642","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,6999762","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,6999827","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,7000207","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,7000299","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,7000417","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,7000488","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,7000560","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,7000651","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,7000730","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,7000931","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,7001264","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,7001353","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,7001550","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,7001840","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,7001893","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,7002000","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,7002140","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,7628686","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,7628853","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,7629037","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,7629130","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,7629195","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,7629267","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,7629326","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,7629603","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,7629680","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,7629781","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,7629977","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,7630043","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,7630141","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,7630201","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,7630316","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,7630426","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,7630503","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,7630646","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,7630720","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,7630823","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,8392835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8392929","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8393124","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,8393316","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8393410","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,8393512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8393588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8393675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,8393749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8394163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8394245","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,8394335","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8394433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8394514","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8394601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,8394681","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8394814","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,8394920","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8394986","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8395109","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8395308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8395399","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8395517","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8395633","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,8397161","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8397246","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8397384","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,8397487","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8397563","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,8397646","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8397719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8397799","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,8397871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8398144","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8398219","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,8398298","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8398367","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8398439","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8398522","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,8398596","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8398707","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,8398801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8398864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8398988","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8399137","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8399200","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8399319","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8399422","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,8400729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8400792","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8400908","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,8401057","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8401132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,8401212","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8401304","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8401542","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,8401760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8402242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8402334","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,8402455","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8402520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8402588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8402668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,8402734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8402849","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,8402945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8403004","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8403134","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8403333","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8403386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8403482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8403577","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,8404997","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8405054","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8405181","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,8405284","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8405363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,8405436","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8405511","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8405590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,8405651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8405874","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8405938","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,8406004","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8406059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8406118","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8406186","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,8406247","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8406334","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,8406445","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8406503","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8406600","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8406725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8406777","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8406865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8406948","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,8408147","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8408218","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8408373","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,8408483","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8408588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,8408672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8408749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8408821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,8408879","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8409115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8409178","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,8409245","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8409305","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8409363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8409430","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,8409493","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8409581","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,8409660","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8409710","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8409798","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8409924","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8409975","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8410059","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8410141","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,8411222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8411275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8411370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,8411504","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8411564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,8411630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8411705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8411770","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,8411827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8412042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8412104","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,8412169","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8412226","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8412284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8412349","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,8412409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8412496","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,8412611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8412669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8412784","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8412953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8413030","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8413150","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8413263","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,8414443","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8414499","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8414606","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,8414692","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8414752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,8414820","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8414878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8414941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,8414999","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8415232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8415293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,8415356","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8415413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8415496","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8415562","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,8415622","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8415711","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,8415790","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8415841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8415927","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8416051","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8416102","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8416185","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8416267","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:21,8417361","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8417413","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8417509","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:21,8417586","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8417645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:21,8417708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8417767","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8417830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:21,8417889","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:21,8418099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8418158","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:21,8418220","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:21,8418274","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:21,8418332","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8418398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:21,8418461","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:21,8418545","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:21,8418622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8418673","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8418758","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8418876","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:21,8418927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:21,8419010","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:21,8419091","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,0408484","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 28164, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:22,7072988","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,7073152","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,7073457","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,7073693","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,7073801","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,7073938","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,7074002","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,7074074","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,7074136","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,7074521","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,7074751","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,7074892","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,7074982","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,7075062","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,7075194","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,7075272","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,7075407","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,7075522","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,7075579","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,7075710","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,7075924","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,7075988","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,7076096","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,7076224","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,7703530","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,7703673","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,7703855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,7703958","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,7704055","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,7704137","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,7704197","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,7704493","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,7704562","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,7704652","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,7704713","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,7704777","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,7704849","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,7704912","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,7705029","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,7705109","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,7705172","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,7705318","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,7705380","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,7705489","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,8467692","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8467817","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8468030","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,8468276","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8468368","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,8468463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8468535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8468612","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,8468725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8469276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8469360","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,8469452","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8469662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8469742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8469826","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,8469899","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8470057","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,8470168","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8470230","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8470339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8470527","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8470587","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8470690","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8470795","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,8472226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8472308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8472426","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,8472518","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8472583","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,8472657","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8472722","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8472795","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,8472861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8473112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8473180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,8473250","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8473311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8473389","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8473461","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,8473527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8473622","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,8473706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8473763","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8473862","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8474008","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8474059","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8474144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8474226","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,8475297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8475349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8475446","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,8475521","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8475579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,8475725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8475785","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8475848","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,8475906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8476122","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8476187","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,8476253","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8476311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8476372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8476470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,8476538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8476627","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,8476706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8476758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8476933","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8477060","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8477113","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8477199","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8477281","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,8478331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8478524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8478638","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,8478723","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8478833","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,8478900","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8478958","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8479029","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,8479086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8479309","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8479402","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,8479471","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8479529","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8479587","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8479653","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,8479721","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8479815","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,8479896","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8479976","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8480070","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8480196","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8480253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8480343","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8480427","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,8481515","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8481570","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8481667","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,8481752","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8481821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,8481888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8481948","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8482010","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,8482070","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8482289","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8482356","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,8482420","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8482475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8482532","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8482598","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,8482659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8482750","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,8482827","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8482879","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8482965","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8483090","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8483145","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8483228","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8483331","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,8484421","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8484476","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8484569","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,8484646","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8484705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,8484787","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8484846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8484909","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,8484968","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8485177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8485241","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,8485305","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8485373","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8485432","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8485499","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,8485566","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8485656","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,8485731","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8485786","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8485871","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8485989","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8486042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8486128","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8486209","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,8487271","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8487325","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8487422","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,8487501","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8487559","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,8487624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8487683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8487746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,8487803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8488052","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8488119","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,8488183","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8488256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8488315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8488406","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,8488469","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8488559","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,8488643","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8488704","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8488792","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8488914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8488964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8489055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8489136","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:22,8490172","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8490226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8490319","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:22,8490394","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8490453","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:22,8490521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8490582","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8490645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:22,8490703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:22,8490913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8490975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:22,8491048","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:22,8491110","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:22,8491170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8491236","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:22,8491296","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:22,8491411","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:22,8491491","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8491543","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8491629","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8491755","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:22,8491807","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:22,8491911","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:22,8491993","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,4512698","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 4744" | |
"10:28:23,5598458","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 18948" | |
"10:28:23,5598757","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 10116" | |
"10:28:23,5601506","com.barraider.voicemeeter.exe","8808","TCP Send","kubernetes.docker.internal:60488 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51955887, endtime: 51955887, seqnum: 0, connid: 0" | |
"10:28:23,5602286","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 2900" | |
"10:28:23,7148484","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,7148672","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,7148946","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,7149188","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,7149309","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,7149460","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,7149550","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,7149667","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,7149759","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,7150187","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,7150298","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,7150419","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,7150513","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,7150621","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,7150749","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,7150845","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,7151012","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,7151241","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,7151515","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,7151704","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,7152040","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,7152096","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,7152196","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,7152333","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,7778981","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,7779112","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,7779289","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,7779419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,7779516","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,7779596","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,7779656","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,7779939","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,7780010","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,7780092","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,7780154","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,7780216","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,7780311","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,7780371","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,7780494","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,7780575","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,7780639","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,7780770","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,7780834","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,7780932","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,8542996","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8543125","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8543401","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,8543649","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8543774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,8543907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8543996","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8544096","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,8544183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8544676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8544795","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,8544922","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8545013","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8545118","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8545229","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,8545322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8545487","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,8545613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8545688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8545860","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8546094","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8546169","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8546313","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8546490","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,8548130","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8548219","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8548400","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,8548535","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8548633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,8548737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8548825","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8548923","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,8549012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8549352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8549450","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,8549551","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8549638","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8549740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8549841","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,8549929","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8550063","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,8550180","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8550257","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8550396","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8550583","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8550662","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8550797","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8550931","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,8552415","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8552492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8552650","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,8552788","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8552882","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,8553013","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8553122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8553220","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,8553325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8553685","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8553787","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,8553889","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8553972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8554063","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8554165","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,8554257","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8554400","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,8554523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8554611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8554753","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8554938","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8555015","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8555203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8555354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,8556848","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8556927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8557084","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,8557235","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8557326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,8557422","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8557505","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8557598","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,8557681","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8558003","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8558106","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,8558205","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8558289","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8558376","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8558470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,8558556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8558690","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,8558810","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8558895","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8559038","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8559223","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8559300","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8559433","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8559567","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,8561019","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8561107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8561259","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,8561412","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8561512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,8561611","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8561697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8561798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,8561888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8562228","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8562327","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,8562434","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8562516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8562607","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8562710","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,8562801","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8562941","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,8563060","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8563141","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8563274","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8563486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8563564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8563722","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8563868","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,8565324","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8565405","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8565563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,8565687","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8565783","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,8565899","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8565988","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8566085","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,8566174","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8566535","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8566642","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,8566747","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8566839","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8566948","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8567052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,8567138","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8567273","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,8567402","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8567484","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8567632","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8567822","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8567905","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8568039","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8568176","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,8569633","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8569717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8569868","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,8570002","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8570091","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,8570195","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8570280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8570374","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,8570459","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8570777","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8570872","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,8570970","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8571097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8571191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8571297","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,8571417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8571561","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,8571678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8571763","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8571904","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8572090","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8572169","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8572303","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8572441","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:23,8573913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8573992","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8574156","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:23,8574280","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8574369","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:23,8574462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8574550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8574649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:23,8574734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:23,8575053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8575157","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:23,8575263","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:23,8575354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:23,8575446","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8575550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:23,8575645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:23,8575779","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:23,8575894","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8575980","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8576120","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8576316","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:23,8576434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:23,8576579","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:23,8576732","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,6603992","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" | |
"10:28:24,6604205","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:12, LastWriteTime: 29.06.2022 10:28:12, ChangeTime: 29.06.2022 10:28:12, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A" | |
"10:28:24,6604284","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","" | |
"10:28:24,6605348","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" | |
"10:28:24,6605657","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:12, LastWriteTime: 29.06.2022 10:28:12, ChangeTime: 29.06.2022 10:28:12, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A" | |
"10:28:24,6605762","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","" | |
"10:28:24,6606802","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: 0, OpenResult: Opened" | |
"10:28:24,6607156","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 0, Length: 0, Priority: Normal" | |
"10:28:24,6607340","com.barraider.obstools.exe","7132","QueryStandardInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","AllocationSize: 143.360, EndOfFile: 142.497, NumberOfLinks: 1, DeletePending: False, Directory: False" | |
"10:28:24,6607446","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 142.497, Length: 79, Priority: Normal" | |
"10:28:24,6608559","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","" | |
"10:28:24,7222924","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,7223008","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,7223198","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,7223387","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,7223466","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,7223548","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,7223609","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,7223679","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,7223740","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,7224043","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,7224112","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,7224186","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,7224243","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,7224308","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,7224378","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,7224441","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,7224550","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,7224639","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,7224690","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,7224786","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,7224964","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,7225014","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,7225103","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,7225193","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,7853050","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,7853200","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,7853391","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,7853503","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,7853565","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,7853637","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,7853696","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,7853970","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,7854040","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,7854127","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,7854187","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,7854249","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,7854319","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,7854400","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,7854519","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,7854595","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,7854660","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,7854803","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,7854867","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,7854950","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,8617515","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8617605","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8617790","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,8617972","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8618052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,8618141","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8618209","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8618290","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,8618350","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8618734","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8618805","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,8618881","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8618978","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8619054","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8619129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,8619194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8619310","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,8619399","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8619451","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8619577","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8619746","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8619797","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8619891","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8619984","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,8621197","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8621252","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8621353","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,8621467","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8621527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,8621615","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8621674","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8621738","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,8621796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8622014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8622075","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,8622140","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8622194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8622253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8622322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,8622382","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8622467","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,8622542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8622592","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8622678","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8622798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8622849","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8622932","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8623012","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,8624057","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8624108","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8624203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,8624277","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8624334","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,8624397","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8624454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8624517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,8624573","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8624781","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8624843","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,8624905","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8624959","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8625018","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8625083","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,8625143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8625225","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,8625301","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8625352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8625434","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8625567","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8625617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8625702","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8625787","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,8627097","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8627165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8627320","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,8627435","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8627518","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,8627589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8627649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8627716","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,8627775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8628035","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8628101","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,8628170","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8628227","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8628288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8628354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,8628417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8628518","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,8628599","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8628651","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8628744","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8628882","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8628932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8629020","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8629106","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,8630156","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8630206","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8630300","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,8630380","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8630472","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,8630555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8630617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8630682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,8630740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8630964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8631024","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,8631088","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8631159","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8631218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8631282","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,8631342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8631457","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,8631535","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8631586","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8631672","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8631793","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8631843","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8631926","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8632011","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,8633148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8633199","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8633293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,8633368","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8633426","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,8633489","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8633546","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8633611","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,8633668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8633875","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8633935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,8633996","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8634051","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8634109","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8634172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,8634231","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8634316","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,8634397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8634452","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8634543","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8634665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8634715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8634802","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8634888","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,8635942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8635992","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8636101","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,8636178","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8636235","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,8636298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8636355","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8636447","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,8636506","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8636720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8636779","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,8636843","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8636898","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8636956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8637021","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,8637081","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8637166","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,8637242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8637291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8637374","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8637491","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8637541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8637624","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8637705","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,8638764","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8638814","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8638906","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:24,8639000","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8639058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:24,8639136","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8639193","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8639255","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:24,8639312","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:24,8639516","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8639575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:24,8639637","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:24,8639691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:24,8639749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8639812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:24,8639871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:24,8639954","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:24,8640028","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8640079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8640196","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8640328","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:24,8640379","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:24,8640477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:24,8640563","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:24,9548917","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 4744, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:25,0633995","com.barraider.voicemeeter.exe","8808","Thread Exit","","SUCCESS","Thread ID: 10116, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:25,1562619","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 34356, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:25,1716748","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:25,5282649","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 30620" | |
"10:28:25,5283047","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 16784" | |
"10:28:25,5285594","com.barraider.twitchtools.exe","36544","TCP Send","kubernetes.docker.internal:60487 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51956084, endtime: 51956084, seqnum: 0, connid: 0" | |
"10:28:25,5286857","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 8000" | |
"10:28:25,6911649","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:25,7297923","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,7298011","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,7298191","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,7298381","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,7298478","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,7298592","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,7298796","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,7299155","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,7299228","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,7299632","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,7299744","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,7299879","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,7299943","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,7300011","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,7300092","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,7300159","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,7300280","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,7300553","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,7300627","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,7300770","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,7301033","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,7301090","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,7301215","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,7301346","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,7927386","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,7927516","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,7927690","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,7927772","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,7927844","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,7927946","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,7928004","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,7928273","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,7928348","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,7928509","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,7928578","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,7928641","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,7928711","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,7928771","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,7928888","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,7928983","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,7929051","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,7929220","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,7929284","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,7929373","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,8692551","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8692644","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8692854","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,8693052","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8693161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,8693254","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8693320","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8693499","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,8693794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8694303","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8694405","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,8694530","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8694597","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8694664","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8694744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,8694813","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8694940","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,8695034","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8695098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8695222","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8695419","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8695486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8695620","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8695721","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,8697165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8697253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8697365","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,8697479","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8697544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,8697625","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8697687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8697765","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,8697827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8698059","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8698129","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,8698199","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8698257","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8698315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8698381","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,8698443","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8698536","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,8698618","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8698678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8698776","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8698902","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8698960","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8699049","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8699134","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,8700198","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8700255","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8700355","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,8700442","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8700516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,8700584","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8700658","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8700737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,8700796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8701011","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8701076","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,8701143","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8701218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8701279","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8701345","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,8701435","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8701524","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,8701613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8701716","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8701833","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8701969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8702066","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8702164","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8702254","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,8703314","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8703381","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8703483","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,8703562","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8703633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,8703699","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8703758","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8703830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,8703917","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8704134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8704198","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,8704300","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8704360","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8704421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8704487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,8704556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8704684","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,8704764","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8704816","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8704908","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8705031","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8705083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8705169","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8705272","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,8706322","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8706406","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8706505","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,8706619","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8706684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,8706752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8706811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8706875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,8706943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8707159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8707226","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,8707298","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8707363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8707423","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8707490","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,8707551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8707637","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,8707717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8707769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8707864","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8707988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8708075","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8708167","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8708257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,8709337","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8709398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8709495","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,8709575","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8709635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,8709701","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8709760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8709835","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,8709894","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8710113","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8710187","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,8710278","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8710366","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8710434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8710533","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,8710662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8710758","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,8710837","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8710891","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8710982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8711111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8711164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8711258","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8711341","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,8712425","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8712481","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8712583","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,8712664","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8712763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,8712833","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8712891","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8712961","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,8713037","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8713256","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8713326","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,8713393","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8713450","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8713509","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8713576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,8713638","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8713723","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,8713803","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8713859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8713956","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8714079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8714134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8714239","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8714326","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:25,8715386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8715557","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8715662","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:25,8715741","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8715803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:25,8715868","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8715928","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8715993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:25,8716052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:25,8716263","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8716358","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:25,8716483","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:25,8716549","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:25,8716613","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8716680","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:25,8716804","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:25,8717007","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:25,8717131","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8717198","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8717315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8717486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:25,8717539","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:25,8717705","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:25,8717820","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,2041656","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:26,7086508","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:26,7087140","com.barraider.obstools.exe","7132","TCP Disconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:26,7091792","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7092801","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 6800" | |
"10:28:26,7093367","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 14720" | |
"10:28:26,7095002","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7095672","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 4216" | |
"10:28:26,7096098","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7096887","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7097331","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7097795","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7098200","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7098642","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7099076","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7099504","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7099905","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7100328","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7100767","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7101164","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7101584","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7102054","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0" | |
"10:28:26,7373098","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,7373262","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,7373525","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,7373749","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,7373856","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,7373969","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,7374058","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,7374153","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,7374231","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,7374589","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,7374678","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,7374778","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,7374859","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,7375079","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,7375194","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,7375276","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,7375427","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,7375592","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,7375667","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,7375797","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,7376024","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,7376099","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,7376223","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,7376352","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8002355","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8002487","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8002690","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8002772","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8002831","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8002905","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8002962","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8003210","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8003279","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8003357","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8003417","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8003496","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8003564","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8003623","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8003729","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8003807","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8003869","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8004005","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8004066","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8004146","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8767684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8767785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8767994","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8768198","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8768281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8768387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8768455","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8768527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8768588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8768974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8769098","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8769203","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8769269","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8769337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8769411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8769488","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8769631","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8769745","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8769832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8769949","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8770135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8770189","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8770284","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8770379","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8771684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8771743","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8771864","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8771949","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8772012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8772079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8772139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8772204","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8772282","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8772508","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8772570","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8772635","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8772691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8772751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8772819","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8772881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8772968","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8773047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8773100","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8773204","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8773331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8773384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8773473","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8773556","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8774640","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8774695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8774791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8774871","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8774933","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8774997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8775057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8775122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8775181","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8775397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8775458","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8775523","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8775586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8775645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8775718","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8775779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8775865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8775949","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8776001","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8776088","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8776209","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8776260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8776349","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8776463","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8777525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8777577","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8777671","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8777751","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8777810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8777875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8777934","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8777999","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8778057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8778270","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8778330","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8778394","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8778450","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8778508","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8778575","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8778637","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8778722","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8778798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8778850","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8778936","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8779056","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8779107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8779197","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8779283","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8780360","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8780413","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8780560","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8780647","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8780712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8780779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8780840","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8780907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8780983","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8781197","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8781258","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8781323","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8781407","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8781470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8781538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8781600","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8781687","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8781765","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8781818","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8781905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8782044","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8782096","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8782183","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8782270","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8783332","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8783385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8783480","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8783557","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8783617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8783684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8783743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8783810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8783869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8784082","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8784144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8784207","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8784263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8784343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8784412","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8784475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8784562","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8784639","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8784692","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8784778","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8784898","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8784951","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8785052","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8785135","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8786196","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8786247","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8786348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8786458","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8786520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8786590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8786650","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8786715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8786775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8786988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8787049","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8787113","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8787168","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8787228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8787295","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8787358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8787444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8787524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8787575","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8787683","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8787804","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8787856","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8787965","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8788049","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:26,8789105","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8789159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8789273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:26,8789350","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8789409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:26,8789482","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8789557","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8789632","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:26,8789719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:26,8789968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8790033","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:26,8790099","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:26,8790155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:26,8790215","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8790283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:26,8790347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:26,8790470","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:26,8790553","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8790608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8790710","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8790831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:26,8790897","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:26,8790997","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:26,8791082","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,0322869","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 16784, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:27,7448185","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,7448276","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,7448476","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,7448676","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,7448770","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,7448860","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,7448923","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,7448994","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,7449055","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,7449387","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,7449472","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,7449577","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,7449652","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,7449724","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,7449799","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,7449879","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,7450020","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,7450118","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,7450179","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,7450281","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,7450459","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,7450530","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,7450634","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,7450732","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8079732","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8079885","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8080048","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8080126","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8080190","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8080259","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8080350","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8080679","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8080757","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8080845","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8080906","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8080969","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8081038","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8081098","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8081211","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8081287","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8081351","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8081824","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8081957","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8082133","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8842946","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8843039","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8843276","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8843472","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8843558","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8843652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8843716","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8843791","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8843851","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8844243","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8844312","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8844391","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8844449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8844519","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8844592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8844697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8844819","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8844913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8844969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8845072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8845271","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8845324","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8845421","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8845513","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8846795","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8846849","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8846952","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8847038","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8847117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8847184","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8847245","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8847311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8847386","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8847613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8847674","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8847740","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8847799","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8847857","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8847925","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8847986","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8848074","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8848152","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8848204","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8848293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8848420","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8848472","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8848563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8848645","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8849706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8849758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8849854","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8849932","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8849991","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8850056","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8850116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8850182","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8850240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8850451","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8850512","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8850574","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8850630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8850689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8850756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8850858","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8850953","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8851032","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8851083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8851173","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8851296","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8851348","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8851458","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8851542","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8853878","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8853934","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8854038","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8854127","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8854191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8854258","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8854317","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8854381","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8854440","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8854669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8854733","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8854798","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8854854","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8854914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8854979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8855041","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8855132","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8855211","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8855262","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8855350","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8855473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8855525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8855612","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8855695","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8856786","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8856840","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8856934","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8857035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8857095","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8857160","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8857219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8857283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8857358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8857570","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8857631","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8857695","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8857751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8857810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8857874","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8857935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8858021","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8858098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8858148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8858235","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8858356","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8858409","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8858493","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8858575","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8859617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8859670","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8859768","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8859843","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8859901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8859966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8860025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8860089","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8860147","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8860357","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8860417","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8860479","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8860534","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8860593","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8860659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8860720","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8860805","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8860881","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8860932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8861018","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8861136","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8861187","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8861272","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8861354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8862434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8862487","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8862580","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8862656","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8862715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8862779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8862869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8862937","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8862998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8863209","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8863270","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8863333","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8863389","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8863448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8863514","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8863579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8863671","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8863753","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8863805","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8863891","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8864009","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8864062","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8864146","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8864229","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:27,8865290","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8865343","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8865440","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:27,8865516","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8865592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:27,8865657","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8865717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8865782","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:27,8865856","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:27,8866067","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8866127","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:27,8866190","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:27,8866263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:27,8866323","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8866417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:27,8866481","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:27,8866567","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:27,8866647","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8866699","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8866786","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8866906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:27,8866958","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:27,8867043","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:27,8867125","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,2099052","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 6800, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:28,4578058","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 36212" | |
"10:28:28,7522755","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,7522863","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,7523102","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,7523316","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,7523413","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,7523528","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,7523606","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,7523694","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,7523770","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,7524124","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,7524210","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,7524302","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,7524376","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,7524457","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,7524547","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,7524625","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,7524771","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,7524881","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,7524951","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,7525073","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,7525271","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,7525337","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,7525477","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,7525701","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8152840","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8152976","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8153159","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8153264","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8153325","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8153401","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8153459","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8153717","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8153787","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8153870","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8153929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8153992","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8154060","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8154142","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8154251","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8154328","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8154391","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8154525","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8154585","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8154666","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8917541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8917626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8917846","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8918014","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8918097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8918183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8918248","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8918322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8918385","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8918756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8918826","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8918900","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8918960","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8919029","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8919127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8919194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8919300","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8919390","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8919444","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8919538","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8919704","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8919758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8919852","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8919942","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8921166","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8921217","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8921315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8921434","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8921497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8921564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8921624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8921707","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8921766","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8921984","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8922045","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8922112","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8922168","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8922226","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8922293","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8922356","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8922444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8922523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8922615","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8922712","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8922841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8922893","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8922981","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8923070","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8924135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8924189","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8924290","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8924368","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8924428","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8924495","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8924555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8924624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8924683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8924894","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8924959","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8925023","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8925080","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8925140","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8925205","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8925268","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8925354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8925433","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8925486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8925575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8925700","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8925751","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8925855","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8925939","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8927024","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8927076","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8927186","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8927264","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8927325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8927391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8927451","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8927515","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8927574","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8927783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8927847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8927910","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8927966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8928025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8928096","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8928161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8928248","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8928325","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8928379","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8928479","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8928602","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8928654","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8928741","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8928824","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8929873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8929925","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8930019","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8930096","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8930155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8930221","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8930281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8930363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8930423","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8930630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8930691","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8930754","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8930810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8930870","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8930935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8930997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8931084","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8931160","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8931212","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8931299","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8931448","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8931501","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8931588","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8931672","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8932717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8932769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8932863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8932940","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8932998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8933067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8933127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8933199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8933259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8933501","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8933563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8933628","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8933684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8933744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8933812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8933876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8933964","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8934041","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8934094","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8934180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8934299","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8934353","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8934439","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8934522","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8935576","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8935628","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8935741","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8935817","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8935876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8935941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8936000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8936064","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8936123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8936331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8936419","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8936486","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8936544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8936604","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8936670","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8936752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8936838","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8936917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8936969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8937054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8937177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8937229","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8937317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8937399","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:28,8938442","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8938494","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8938587","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:28,8938683","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8938742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:28,8938806","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8938866","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8938944","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:28,8939004","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:28,8939214","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8939274","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:28,8939338","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:28,8939394","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:28,8939453","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8939523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:28,8939585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:28,8939673","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:28,8939752","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8939808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8939893","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8940012","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:28,8940080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:28,8940180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:28,8940262","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,7598470","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,7598717","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,7599003","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,7599242","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,7599344","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,7599456","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,7599537","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,7599626","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,7599703","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,7600088","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,7600185","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,7600285","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,7600362","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,7600446","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,7600541","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,7600629","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,7600770","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,7600886","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,7600956","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,7601084","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,7601303","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,7601368","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,7601526","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,7601634","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,8228495","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8228635","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,8228823","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,8228908","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,8228968","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,8229038","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,8229097","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,8229366","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8229438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,8229520","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,8229582","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,8229646","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,8229752","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,8229812","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,8229924","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,8230001","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8230066","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,8230204","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8230265","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,8230347","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,8992572","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8992662","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,8992876","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,8993068","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,8993177","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,8993269","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,8993337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,8993415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,8993481","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,8993873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8993950","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,8994033","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,8994099","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,8994171","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,8994250","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,8994321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,8994442","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,8994537","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8994596","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,8994703","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,8994889","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8994945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,8995046","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,8995148","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,8996889","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8996988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,8997240","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,8997430","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,8997521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,8997610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,8997673","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,8997778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,8997842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,8998222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8998295","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,8998373","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,8998433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,8998501","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,8998576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,8998640","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,8998761","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,8998851","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8998907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,8999007","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,8999202","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,8999254","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,8999348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,8999440","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,9000854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9000907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9001007","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,9001089","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9001151","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,9001219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9001278","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9001343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,9001449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9001688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9001752","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,9001819","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9001875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9001974","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9002049","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,9002117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9002213","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,9002300","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9002351","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9002442","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9002573","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9002625","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9002713","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9002801","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,9003873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9003924","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9004026","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,9004103","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9004162","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,9004230","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9004288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9004353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,9004411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9004627","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9004687","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,9004750","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9004806","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9004864","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9004931","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,9004994","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9005080","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,9005159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9005210","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9005296","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9005416","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9005468","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9005554","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9005635","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,9006752","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9006808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9006905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,9006984","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9007045","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,9007111","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9007170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9007259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,9007319","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9007543","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9007603","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,9007667","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9007723","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9007783","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9007848","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,9007911","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9007997","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,9008074","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9008126","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9008216","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9008338","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9008389","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9008477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9008560","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,9009607","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9009658","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9009753","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,9009850","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9009908","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,9009973","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9010032","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9010097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,9010155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9010365","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9010424","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,9010487","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9010543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9010602","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9010684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,9010746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9010829","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,9010907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9010959","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9011046","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9011165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9011216","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9011317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9011440","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,9012510","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9012563","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9012664","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,9012741","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9012817","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,9012918","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9012980","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9013054","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,9013117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9013333","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9013401","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,9013467","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9013523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9013584","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9013652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,9013713","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9013802","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,9013879","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9013931","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9014017","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9014143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9014195","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9014281","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9014365","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,9015407","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9015460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9015553","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:29,9015628","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9015687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:29,9015752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9015811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9015895","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:29,9015954","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:29,9016163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9016223","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:29,9016286","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:29,9016342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:29,9016445","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9016524","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:29,9016591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:29,9016679","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:29,9016761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9016813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9016919","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9017047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:29,9017099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:29,9017201","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:29,9017284","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:29,9614077","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 36212, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:30,7672698","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 35168" | |
"10:28:30,7672811","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,7672923","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,7673149","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,7673356","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,7673438","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,7673526","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,7673592","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,7673665","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,7673727","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,7674045","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,7674122","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,7674207","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,7674269","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,7674336","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,7674412","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,7674484","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,7674609","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,7674702","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,7674756","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,7674856","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,7675023","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,7675074","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,7675201","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,7675295","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,8302367","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,8302536","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,8302755","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,8302855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,8302929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,8303016","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,8303128","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,8303442","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,8303532","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,8303640","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,8303717","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,8303808","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,8303880","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,8303938","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,8304056","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,8304133","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,8304197","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,8304327","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,8304390","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,8304474","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,9067852","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9067949","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9068224","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,9068472","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9068567","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,9068688","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9068766","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9068841","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,9068903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9069291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9069369","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,9069453","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9069513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9069585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9069666","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,9069732","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9069856","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,9069953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9070006","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9070105","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9070279","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9070331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9070426","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9070522","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,9072882","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9072939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9073072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,9073161","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9073225","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,9073294","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9073357","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9074132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,9074221","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9074496","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9074564","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,9074637","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9074697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9074760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9074828","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,9074890","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9074982","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,9075061","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9075114","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9075209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9075365","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9075417","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9075510","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9075596","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,9076758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9076812","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9076910","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,9076990","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9077050","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,9077116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9077176","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9077240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,9077298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9077512","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9077571","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,9077635","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9077690","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9077749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9077821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,9077885","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9077970","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,9078047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9078098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9078184","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9078304","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9078355","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9078440","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9078523","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,9079571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9079622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9079721","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,9079798","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9079861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,9079925","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9079983","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9080046","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,9080104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9080311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9080370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,9080435","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9080491","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9080550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9080653","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,9080719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9080808","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,9080888","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9080939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9081026","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9081149","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9081201","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9081288","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9081444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,9082506","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9082559","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9082657","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,9082736","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9082796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,9082861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9082921","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9083005","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,9083065","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9083276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9083339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,9083403","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9083460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9083519","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9083586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,9083648","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9083734","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,9083811","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9083864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9083952","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9084076","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9084129","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9084215","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9084299","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,9085401","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9085454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9085551","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,9085652","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9085712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,9085779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9085837","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9085902","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,9085964","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9086173","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9086234","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,9086297","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9086354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9086462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9086531","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,9086594","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9086682","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,9086760","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9086813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9086900","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9087022","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9087073","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9087158","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9087244","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,9088296","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9088349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9088444","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,9088521","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9088579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,9088649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9088708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9088772","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,9088831","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9089038","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9089098","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,9089160","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9089216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9089276","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9089342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,9089403","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9089489","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,9089565","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9089618","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9089705","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9089822","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9089873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9089975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9090059","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:30,9091104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9091157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9091266","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:30,9091349","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9091435","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:30,9091502","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9091591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9091675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:30,9091734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:30,9091947","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9092009","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:30,9092072","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:30,9092127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:30,9092185","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9092253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:30,9092314","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:30,9092398","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:30,9092474","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9092525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9092613","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9092731","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:30,9092782","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:30,9092865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:30,9092946","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,7748384","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,7748499","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,7748722","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,7748916","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,7749032","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,7749147","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,7749237","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,7749370","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,7749464","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,7749874","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,7749980","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,7750105","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,7750190","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,7750283","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,7750382","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,7750482","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,7750728","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,7750837","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,7750892","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,7750998","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,7751186","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,7751239","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,7751335","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,7751475","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,8376993","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,8377138","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,8377328","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,8377419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,8377482","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,8377554","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,8377613","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,8377886","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,8377957","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,8378042","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,8378104","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,8378170","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,8378242","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,8378303","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,8378417","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,8378492","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,8378556","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,8378707","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,8378771","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,8378855","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,9142734","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9142831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9143055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,9143296","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9143386","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,9143475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9143544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9143621","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,9143685","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9144083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9144157","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,9144241","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9144353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9144454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9144536","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,9144618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9144757","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,9144870","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9144927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9145034","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9145226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9145280","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9145379","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9145472","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,9146781","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9146835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9146935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,9147020","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9147082","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,9147152","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9147213","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9147284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,9147343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9147564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9147629","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,9147695","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9147753","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9147812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9147880","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,9147942","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9148032","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,9148110","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9148164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9148254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9148382","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9148435","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9148525","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9148609","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,9149688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9149741","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9149837","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,9149916","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9149977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,9150042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9150101","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9150187","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,9150247","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9150462","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9150523","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,9150588","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9150645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9150705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9150772","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,9150834","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9150925","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,9151004","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9151056","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9151144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9151265","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9151318","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9151441","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9151526","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,9152588","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9152641","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9152738","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,9152815","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9152875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,9152941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9153000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9153064","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,9153123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9153339","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9153402","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,9153469","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9153526","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9153586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9153672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,9153735","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9153822","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,9153900","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9153952","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9154043","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9154164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9154217","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9154306","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9154388","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,9155447","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9155498","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9155596","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,9155672","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9155789","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,9155859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9155920","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9155984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,9156042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9156261","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9156324","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,9156419","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9156477","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9156537","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9156603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,9156667","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9156753","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,9156832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9156885","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9156988","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9157112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9157164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9157251","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9157348","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,9158412","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9158465","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9158562","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,9158638","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9158697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,9158763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9158822","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9158906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,9158964","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9159176","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9159238","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,9159301","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9159357","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9159416","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9159482","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,9159543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9159629","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,9159707","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9159758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9159844","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9159963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9160014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9160100","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9160181","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,9161234","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9161288","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9161381","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,9161485","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9161545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,9161610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9161669","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9161744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,9161803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9162014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9162075","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,9162138","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9162194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9162253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9162321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,9162383","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9162469","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,9162547","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9162598","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9162683","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9162801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9162853","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9162938","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9163020","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:31,9164082","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9164134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9164229","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:31,9164304","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9164363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:31,9164428","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9164486","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9164551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:31,9164610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:31,9164821","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9164881","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:31,9164944","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:31,9165000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:31,9165058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9165123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:31,9165184","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:31,9165269","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:31,9165346","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9165398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9165563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9165695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:31,9165747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:31,9165837","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:31,9165920","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,2709458","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 35168, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:32,5962832","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 17004" | |
"10:28:32,7822888","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,7822987","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,7823263","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,7823473","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,7823564","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,7823657","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,7823725","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,7823800","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,7823863","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,7824203","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,7824277","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,7824362","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,7824422","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,7824489","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,7824564","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,7824628","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,7824756","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,7824850","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,7824905","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,7825005","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,7825199","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,7825252","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,7825353","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,7825446","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,8452332","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,8452464","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,8452644","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,8452747","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,8452808","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,8452878","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,8452935","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,8453196","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,8453267","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,8453382","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,8453460","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,8453524","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,8453592","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,8453675","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,8453790","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,8453868","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,8453933","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,8454070","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,8454132","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,8454215","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,9217783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9217878","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9218099","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,9218301","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9218388","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,9218502","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9218567","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9218641","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,9218703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9219085","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9219159","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,9219243","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9219304","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9219372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9219446","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,9219510","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9219634","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,9219729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9219785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9219894","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9220062","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9220115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9220212","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9220307","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,9221608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9221663","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9221764","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,9221849","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9221912","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,9221979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9222039","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9222103","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,9222164","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9222383","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9222446","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,9222511","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9222568","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9222628","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9222695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,9222756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9222850","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,9222927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9222979","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9223085","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9223208","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9223260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9223348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9223432","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,9224492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9224545","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9224642","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,9224720","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9224778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,9224843","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9224902","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9224966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,9225025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9225242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9225305","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,9225369","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9225425","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9225485","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9225555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,9225617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9225702","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,9225780","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9225832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9225922","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9226042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9226093","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9226195","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9226278","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,9227381","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9227434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9227544","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,9227623","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9227682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,9227763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9227823","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9227888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,9227946","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9228202","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9228281","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,9228348","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9228405","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9228465","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9228534","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,9228599","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9228688","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,9228766","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9228819","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9228905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9229028","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9229080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9229168","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9229252","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,9230320","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9230373","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9230468","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,9230546","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9230606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,9230675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9230735","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9230803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,9230863","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9231084","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9231145","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,9231209","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9231265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9231325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9231420","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,9231487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9231575","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,9231653","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9231708","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9231795","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9231917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9231969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9232058","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9232140","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,9233192","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9233245","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9233359","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,9233437","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9233497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,9233563","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9233623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9233687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,9233746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9233962","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9234023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,9234086","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9234143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9234203","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9234271","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,9234351","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9234441","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,9234518","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9234571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9234659","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9234783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9234835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9234921","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9235005","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,9236055","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9236107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9236203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,9236280","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9236339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,9236448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9236510","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9236575","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,9236635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9236848","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9236910","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,9236974","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9237031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9237090","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9237157","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,9237219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9237305","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,9237382","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9237435","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9237538","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9237680","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9237739","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9237824","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9237909","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:32,9238977","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9239066","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9239164","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:32,9239273","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9239333","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:32,9239398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9239458","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9239522","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:32,9239580","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:32,9239791","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9239852","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:32,9240688","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:32,9240755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:32,9240815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9240881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:32,9240944","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:32,9241031","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:32,9241111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9241163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9241254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9241408","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:32,9241461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:32,9241605","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:32,9241694","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,7899308","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,7899429","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,7899702","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,7900024","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,7900169","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,7900284","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,7900375","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,7900469","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,7900547","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,7900915","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,7901008","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,7901107","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,7901200","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,7901290","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,7901381","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,7901508","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,7901656","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,7901781","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,7901852","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,7902019","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,7902263","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,7902341","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,7902511","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,7902646","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,8530559","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,8530758","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,8530995","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,8531129","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,8531212","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,8531313","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,8531419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,8531736","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,8531812","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,8531906","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,8531981","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,8532047","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,8532120","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,8532181","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,8532294","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,8532372","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,8532438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,8532584","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,8532647","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,8532757","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,9292943","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9293048","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9293254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,9293500","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9293589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,9293689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9293755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9293830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,9293892","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9294285","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9294358","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,9294442","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9294503","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9294576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9294652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,9294724","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9295011","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,9295120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9295193","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9295307","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9295520","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9295595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9295709","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9295834","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,9297171","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9297225","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9297329","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,9297417","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9297479","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,9297552","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9297612","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9297682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,9297742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9297967","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9298033","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,9298102","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9298158","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9298218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9298284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,9298347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9298438","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,9298517","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9298569","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9298666","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9298815","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9298867","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9298956","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9299039","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,9300123","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9300179","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9300280","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,9300364","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9300424","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,9300490","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9300548","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9300613","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,9300672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9300896","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9300957","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,9301022","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9301078","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9301175","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9301253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,9301314","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9301428","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,9301509","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9301562","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9301656","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9302138","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9302194","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9302288","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9302379","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,9303758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9303813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9303912","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,9304080","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9304142","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,9304228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9304288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9304353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,9304411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9304632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9304694","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,9304759","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9304815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9304893","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9304958","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,9305020","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9305109","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,9305187","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9305239","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9305332","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9305456","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9305507","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9305592","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9305674","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,9306775","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9306830","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9306926","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,9307004","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9307067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,9307132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9307190","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9307254","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,9307311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9307523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9307584","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,9307647","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9307703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9307762","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9307830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,9307891","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9307976","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,9308053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9308104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9308190","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9308311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9308362","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9308448","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9308557","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,9309626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9309680","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9309781","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,9309861","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9309936","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,9310002","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9310061","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9310125","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,9310183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9310397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9310614","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,9310684","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9310743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9310804","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9310871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,9310933","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9311020","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,9311099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9311151","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9311241","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9311526","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9311584","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9311674","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9311760","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,9313120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9313175","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9313273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,9313354","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9313437","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,9313527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9313586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9313651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,9313709","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9313932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9313993","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,9314059","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9314114","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9314172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9314237","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,9314298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9314384","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,9314462","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9314513","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9314598","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9314725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9314776","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9314861","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9314942","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:33,9316111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9316163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9316259","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:33,9316337","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9316420","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:33,9316486","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9316545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9316608","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:33,9316665","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:33,9316875","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9316936","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:33,9317000","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:33,9317055","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:33,9317113","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9317180","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:33,9317240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:33,9317326","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:33,9317403","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9317454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9317555","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9317676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:33,9317727","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:33,9317812","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:33,9317894","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,1000120","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 17004, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:34,5338022","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 26244" | |
"10:28:34,5803397","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 7520" | |
"10:28:34,5803730","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 24548" | |
"10:28:34,7130133","com.barraider.twitchtools.exe","36544","TCP Send","host.docker.internal:57022 -> ec2-52-32-254-227.us-west-2.compute.amazonaws.com:https","SUCCESS","Length: 35, startime: 51956985, endtime: 51957003, seqnum: 0, connid: 0" | |
"10:28:34,7972922","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,7973059","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,7973542","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,7973810","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,7973933","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,7974049","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,7974149","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,7974251","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,7974370","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,7974776","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,7974886","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,7975001","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,7975086","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,7975188","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,7975297","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,7975392","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,7975555","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,7975685","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,7975767","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,7975921","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,7976161","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,7976234","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,7976435","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,7976586","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,8602614","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,8602774","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,8602980","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,8603070","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,8603177","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,8603253","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,8603313","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,8603595","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,8603667","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,8603761","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,8603826","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,8603891","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,8603980","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,8604044","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,8604170","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,8604254","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,8604322","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,8604464","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,8604529","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,8604618","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,9368096","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9368205","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9368409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,9368612","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9368703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,9368794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9368859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9368935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,9369002","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9369412","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9369501","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,9369583","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9369644","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9369725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9369811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,9369921","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9370049","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,9370143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9370208","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9370314","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9370553","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9370609","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9370708","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9370811","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,9372158","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9372216","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9372317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,9372400","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9372462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,9372531","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9372593","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9372659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,9372719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9372943","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9373006","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,9373073","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9373129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9373263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9373333","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,9373398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9373489","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,9373566","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9373621","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9373709","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9373833","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9373885","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9373976","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9374060","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,9375124","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9375177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9375275","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,9375353","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9375413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,9375478","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9375538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9375606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,9375685","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9375899","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9375961","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,9376026","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9376082","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9376143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9376216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,9376279","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9376373","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,9376483","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9376536","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9376625","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9376748","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9376800","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9376889","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9376973","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,9378037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9378091","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9378188","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,9378291","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9378353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,9378419","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9378480","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9378551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,9378610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9378826","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9378887","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,9378954","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9379011","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9379072","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9379138","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,9379201","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9379289","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,9379367","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9379419","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9379505","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9379626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9379678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9379765","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9379848","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,9380898","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9380951","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9381054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,9381131","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9381206","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,9381272","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9381331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9381396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,9381487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9381738","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9381806","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,9381871","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9381935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9382010","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9382086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,9382156","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9382263","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,9382347","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9382414","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9382508","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9382630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9382684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9382771","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9382854","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,9383912","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9383965","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9384062","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,9384139","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9384199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,9384265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9384325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9384391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,9384470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9384683","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9384745","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,9384809","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9384867","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9384926","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9384993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,9385056","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9385142","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,9385221","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9385274","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9385363","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9385484","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9385538","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9385631","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9385714","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,9386806","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9386860","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9386957","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,9387035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9387095","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,9387163","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9387223","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9387288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,9387349","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9387561","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9387626","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,9387691","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9387748","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9387808","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9387876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,9387938","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9388027","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,9388104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9388157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9388243","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9388364","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9388416","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9388502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9388585","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:34,9389641","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9389695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9389792","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:34,9389868","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9389932","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:34,9389998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9390066","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9390133","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:34,9390193","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:34,9390406","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9390469","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:34,9390533","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:34,9390590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:34,9390651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9390737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:34,9390800","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:34,9390887","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:34,9390966","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9391019","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9391107","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9391230","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:34,9391284","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:34,9391370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:34,9391499","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,8048975","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,8049060","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,8049269","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,8049473","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,8049555","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,8049646","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,8049711","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,8049783","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,8049843","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,8050156","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,8050226","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,8050305","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,8050365","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,8050431","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,8050503","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,8050566","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,8050676","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,8050762","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,8050815","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,8050916","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,8051092","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,8051144","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,8051240","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,8051333","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,8678552","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,8678703","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,8678896","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,8678982","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,8679046","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,8679118","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,8679177","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,8679453","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,8679523","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,8679609","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,8679670","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,8679733","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,8679802","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,8679862","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,8680031","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,8680117","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,8680183","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,8680321","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,8680428","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,8680514","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,9443081","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9443165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9443349","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,9443535","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9443618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,9443708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9443774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9443884","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,9443946","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9444340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9444409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,9444489","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9444550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9444619","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9444696","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,9444760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9444873","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,9444968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9445021","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9445122","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9445301","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9445352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9445476","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9445568","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,9446866","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9446918","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9447023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,9447109","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9447170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,9447238","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9447297","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9447362","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,9447421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9447643","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9447704","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,9447769","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9447824","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9447884","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9447972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,9448035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9448123","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,9448206","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9448259","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9448351","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9448473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9448524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9448612","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9448695","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,9449756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9449808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9449903","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,9450002","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9450062","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,9450126","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9450185","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9450249","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,9450308","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9450520","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9450584","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,9450648","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9450704","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9450763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9450828","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,9450890","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9450976","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,9451053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9451104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9451190","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9451310","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9451361","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9451477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9451562","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,9452617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9452669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9452770","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,9452848","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9452906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,9452972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9453030","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9453115","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,9453174","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9453428","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9453502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,9453566","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9453623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9453682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9453748","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,9453809","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9453895","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,9453971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9454024","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9454110","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9454233","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9454284","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9454373","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9454454","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,9455510","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9455561","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9455654","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,9455730","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9455788","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,9455856","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9455914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9455977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,9456035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9456249","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9456309","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,9456370","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9456452","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9456512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9456579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,9456640","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9456726","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,9456805","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9456857","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9456942","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9457064","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9457115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9457200","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9457282","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,9458341","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9458393","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9458511","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,9458592","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9458651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,9458715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9458774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9458836","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,9458894","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9459112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9459173","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,9459236","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9459291","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9459350","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9459414","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,9459476","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9459561","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,9459637","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9459688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9459774","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9459912","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9459963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9460047","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9460128","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,9461175","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9461227","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9461321","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,9461422","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9461485","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,9461551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9461609","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9461691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,9461750","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9461963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9462023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,9462087","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9462142","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9462201","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9462265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,9462326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9462413","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,9462489","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9462540","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9462624","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9462747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9462798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9462888","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9462986","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:35,9464037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9464116","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9464253","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:35,9464332","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9464390","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:35,9464454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9464513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9464576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:35,9464634","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:35,9464846","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9464906","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:35,9464969","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:35,9465024","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:35,9465083","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9465148","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:35,9465244","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:35,9465331","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:35,9465409","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9465460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9465599","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9465719","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:35,9465770","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:35,9465857","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:35,9465940","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,0374536","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 26244, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:36,0839102","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 24548, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:36,7194112","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" | |
"10:28:36,7194326","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:24, LastWriteTime: 29.06.2022 10:28:24, ChangeTime: 29.06.2022 10:28:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A" | |
"10:28:36,7194421","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","" | |
"10:28:36,7195677","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened" | |
"10:28:36,7195851","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:24, LastWriteTime: 29.06.2022 10:28:24, ChangeTime: 29.06.2022 10:28:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A" | |
"10:28:36,7195934","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","" | |
"10:28:36,7196731","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: 0, OpenResult: Opened" | |
"10:28:36,7197087","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 0, Length: 0, Priority: Normal" | |
"10:28:36,7197227","com.barraider.obstools.exe","7132","QueryStandardInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","AllocationSize: 143.360, EndOfFile: 142.576, NumberOfLinks: 1, DeletePending: False, Directory: False" | |
"10:28:36,7197332","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 142.576, Length: 79, Priority: Normal" | |
"10:28:36,7198237","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","" | |
"10:28:36,8122963","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,8123051","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,8123273","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,8123466","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,8123575","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,8123663","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,8123727","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,8123797","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,8123858","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,8124173","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,8124246","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,8124322","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,8124383","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,8124451","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,8124526","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,8124589","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,8124708","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,8124801","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,8124854","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,8124954","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,8125128","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,8125180","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,8125276","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,8125385","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,8755101","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,8755310","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,8755620","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,8755754","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,8755855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,8755958","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,8756090","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,8756483","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,8756596","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,8756734","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,8756831","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,8756933","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,8757042","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,8757135","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,8757303","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,8757420","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,8757533","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,8757743","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,8757848","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,8757973","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,9517881","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9517974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9518233","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,9518428","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9518523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,9518626","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9518701","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9518803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,9518878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9519291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9519366","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,9519445","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9519504","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9519576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9519650","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,9519717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9519837","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,9519933","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9519988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9520087","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9520261","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9520315","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9520455","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9520553","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,9521864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9521919","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9522023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,9522109","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9522172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,9522246","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9522308","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9522373","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,9522433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9522659","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9522724","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,9522789","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9522847","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9522907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9522995","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,9523061","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9523153","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,9523232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9523285","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9523375","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9523551","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9523609","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9523702","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9523786","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,9524858","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9524910","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9525035","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,9525117","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9525310","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,9525378","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9525438","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9525503","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,9525561","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9525783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9525847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,9525916","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9525971","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9526031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9526102","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,9526164","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9526254","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,9526335","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9526388","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9526502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9526630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9526682","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9526767","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9526849","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,9527919","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9527971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9528069","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,9528148","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9528207","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,9528273","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9528331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9528415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,9528474","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9528686","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9528749","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,9528813","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9528869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9528930","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9528996","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,9529059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9529144","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,9529232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9529283","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9529370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9529506","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9529557","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9529644","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9529728","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,9530789","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9530841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9530935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,9531014","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9531074","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,9531140","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9531198","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9531263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,9531322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9531571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9531636","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,9531700","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9531756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9531815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9531881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,9531943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9532028","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,9532106","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9532162","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9532283","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9532414","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9532466","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9532555","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9532641","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,9533715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9533768","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9533863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,9533941","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9534001","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,9534069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9534131","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9534197","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,9534256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9534480","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9534544","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,9534609","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9534666","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9534726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9534793","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,9534860","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9534948","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,9535025","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9535080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9535172","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9535293","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9535344","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9535431","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9535515","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,9536611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9536665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9536764","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,9536865","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9536927","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,9536993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9537052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9537135","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,9537196","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9537410","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9537472","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,9537537","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9537596","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9537656","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9537726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,9537790","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9537879","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,9537960","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9538013","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9538117","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9538240","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9538297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9538385","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9538468","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:36,9539527","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9539581","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9539677","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:36,9539754","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9539814","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:36,9539883","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9539943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9540007","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:36,9540067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:36,9540276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9540339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:36,9540403","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:36,9540460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:36,9540520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9540589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:36,9540671","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:36,9540761","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:36,9540840","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9540892","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9540980","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9541135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:36,9541194","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:36,9541280","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:36,9541363","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,2306627","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:37,6028145","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 13496" | |
"10:28:37,6028804","com.barraider.supermacro.exe","35152","TCP Send","kubernetes.docker.internal:60489 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51957292, endtime: 51957292, seqnum: 0, connid: 0" | |
"10:28:37,6029903","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 17968" | |
"10:28:37,7421547","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:37,8198212","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,8198329","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,8198595","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,8198832","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,8198945","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,8199062","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,8199151","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,8199252","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,8199325","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,8199793","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,8199892","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,8200011","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,8200123","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,8200264","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,8200403","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,8200524","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,8200704","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,8200839","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,8200922","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,8201066","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,8201310","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,8201374","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,8201551","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,8201687","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,8828942","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,8829112","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,8829300","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,8829383","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,8829445","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,8829539","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,8829596","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,8829862","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,8829935","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,8830020","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,8830080","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,8830144","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,8830213","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,8830272","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,8830387","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,8830463","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,8830529","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,8830662","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,8830724","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,8830807","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,9592687","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9592778","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9592961","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,9593144","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9593228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,9593317","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9593382","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9593458","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,9593518","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9593900","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9593975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,9594054","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9594113","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9594181","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9594283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,9594352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9594473","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,9594568","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9594622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9594729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9594899","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9594953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9595045","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9595134","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,9596385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9596473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9596575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,9596926","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9597059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,9597152","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9597219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9597347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,9597408","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9597807","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9597897","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,9598005","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9598067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9598135","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9598214","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,9598281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9598387","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,9598481","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9598538","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9598682","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9598877","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9598931","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9599032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9599130","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,9600589","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9600644","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9600749","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,9600842","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9600903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,9600973","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9601033","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9601100","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,9601159","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9601380","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9601482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,9601551","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9601610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9601672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9601740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,9601802","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9601890","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,9601972","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9602025","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9602114","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9602245","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9602298","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9602409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9602493","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,9603567","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9603619","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9603761","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,9603844","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9603905","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,9603971","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9604030","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9604094","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,9604153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9604370","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9604431","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,9604494","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9604551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9604610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9604677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,9604741","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9604828","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,9604906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9604959","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9605047","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9605172","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9605227","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9605315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9605399","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,9606490","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9606542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9606641","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,9606718","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9606777","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,9606842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9606901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9606984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,9607042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9607257","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9607318","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,9607381","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9607438","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9607498","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9607570","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,9607630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9607718","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,9607833","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9607893","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9607981","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9608104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9608157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9608244","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9608328","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,9609386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9609439","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9609537","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,9609616","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9609677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,9609743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9609802","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9609869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,9609928","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9610139","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9610200","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,9610265","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9610321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9610384","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9610454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,9610516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9610603","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,9610681","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9610733","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9610819","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9610939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9610991","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9611077","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9611160","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,9612249","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9612302","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9612398","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,9612476","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9612535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,9612601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9612662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9612727","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,9612786","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9612996","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9613055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,9613120","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9613175","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9613235","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9613302","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,9613387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9613474","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,9613552","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9613606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9613695","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9613816","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9613867","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9613954","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9614036","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:37,9615088","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9615139","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9615236","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:37,9615349","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9615409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:37,9615475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9615535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9615636","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:37,9615696","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:37,9615910","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9615971","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:37,9616036","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:37,9616093","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:37,9616153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9616218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:37,9616280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:37,9616368","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:37,9616475","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9616530","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9616616","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9616738","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:37,9616791","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:37,9616877","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:37,9616959","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,2536534","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:38,4707974","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 15716" | |
"10:28:38,5637967","com.barraider.voicemeeter.exe","8808","Thread Exit","","SUCCESS","Thread ID: 15976, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:38,7651582","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:38,7652483","com.barraider.obstools.exe","7132","TCP Disconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0" | |
"10:28:38,7657144","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7659120","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7660034","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7660528","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7661232","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7665332","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7666218","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7666831","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7667569","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7668051","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7668462","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7668859","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7669261","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7669647","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7670053","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,7670442","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0" | |
"10:28:38,8273075","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,8273165","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,8273371","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,8273569","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,8273653","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,8273742","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,8273807","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,8273880","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,8273941","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,8274259","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,8274329","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,8274405","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,8274465","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,8274532","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,8274607","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,8274671","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,8274786","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,8274883","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,8274938","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,8275042","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,8275222","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,8275274","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,8275368","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,8275462","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,8902298","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,8902438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,8902628","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,8902713","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,8902778","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,8902848","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,8902905","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,8903176","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,8903246","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,8903331","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,8903392","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,8903454","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,8903526","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,8903622","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,8903746","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,8903823","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,8903887","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,8904017","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,8904079","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,8904161","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,9667665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9667788","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9668008","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,9668242","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9668339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,9668451","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9668530","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9668619","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,9668695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9669120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9669209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,9669304","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9669377","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9669463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9669553","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,9669635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9669767","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,9669876","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9669941","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9670072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9670274","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9670340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9670460","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9670574","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,9672143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9672210","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9672339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,9672440","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9672517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,9672602","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9672677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9672781","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,9672855","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9673128","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9673206","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,9673287","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9673358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9673432","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9673513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,9673591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9673702","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,9673801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9673865","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9674006","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9674157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9674222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9674333","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9674436","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,9675755","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9675820","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9675939","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,9676035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9676110","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,9676191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9676263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9676342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,9676448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9676715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9676791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,9676869","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9676939","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9677012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9677104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,9677178","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9677264","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,9677340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9677391","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9677476","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9677596","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9677649","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9677736","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9677817","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,9678873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9678925","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9679024","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,9679101","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9679177","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,9679242","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9679300","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9679364","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,9679421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9679632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9679693","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,9679756","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9679852","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9679927","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9679992","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,9680057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9680144","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,9680222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9680275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9680362","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9680482","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9680533","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9680617","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9680700","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,9681785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9681838","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9681935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,9682011","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9682073","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,9682139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9682198","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9682280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,9682339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9682549","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9682610","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,9682674","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9682729","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9682788","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9682853","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,9682914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9683003","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,9683079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9683130","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9683216","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9683338","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9683390","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9683477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9683572","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,9684623","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9684675","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9684771","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,9684847","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9684907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,9684976","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9685035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9685100","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,9685161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9685367","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9685430","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,9685492","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9685564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9685623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9685689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,9685751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9685837","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,9685914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9685968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9686054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9686173","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9686224","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9686309","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9686420","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,9687482","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9687534","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9687628","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,9687705","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9687763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,9687827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9687887","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9687951","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,9688009","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9688224","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9688283","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,9688346","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9688401","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9688460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9688525","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,9688585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9688673","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,9688748","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9688799","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9688883","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9689001","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9689052","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9689137","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9689220","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:38,9690264","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9690316","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9690413","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:38,9690488","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9690581","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:38,9690652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9690712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9690798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:38,9690859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:38,9691070","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9691136","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:38,9691205","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:38,9691262","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:38,9691322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9691413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:38,9691479","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:38,9691624","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:38,9691705","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9691761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9691866","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9691989","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:38,9692042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:38,9692127","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:38,9692210","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,1063885","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 13496, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:39,8349161","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,8349255","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,8349473","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,8349666","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,8349758","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,8349859","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,8349932","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,8350021","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,8350091","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,8350428","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,8350511","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,8350604","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,8350675","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,8350753","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,8350839","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,8350916","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,8351043","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,8351145","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,8351208","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,8351324","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,8351516","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,8351577","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,8351686","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,8351854","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,8980158","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,8980297","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,8980477","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,8980559","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,8980619","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,8980728","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,8980790","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,8981070","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,8981142","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,8981224","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,8981284","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,8981348","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,8981417","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,8981477","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,8981595","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,8981675","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,8981740","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,8981870","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,8981932","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,8982013","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,9743766","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9743859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9744030","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,9744174","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9744256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,9744340","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9744470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9744543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,9744603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9744961","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9745032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,9745105","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9745165","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9745227","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9745301","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,9745368","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9745433","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 15716, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:39,9745478","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,9745601","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9745682","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9745834","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9746011","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9746061","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9746153","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9746253","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,9747460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9747514","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9747610","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,9747693","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9747949","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,9748058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9748123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9748237","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,9748299","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9748640","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9748732","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,9748845","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9748905","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9748970","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9749047","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,9749116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9749229","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,9749319","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9749375","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9749495","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9749681","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9749733","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9749844","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9749936","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,9751342","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9751395","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9751515","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,9751608","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9751668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,9751733","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9751793","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9751859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,9751916","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9752135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9752199","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,9752268","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9752337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9752397","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9752463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,9752524","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9752611","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,9752720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9752774","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9752865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9752987","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9753037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9753123","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9753205","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,9754297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9754354","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9754462","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,9754545","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9754605","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,9754673","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9754731","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9754794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,9754852","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9755065","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9755126","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,9755190","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9755246","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9755305","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9755372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,9755434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9755520","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,9755595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9755648","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9755733","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9755854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9755906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9755993","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9756076","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,9757103","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9757154","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9757265","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,9757342","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9757403","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,9757466","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9757527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9757606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,9757664","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9757904","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9757968","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,9758032","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9758087","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9758146","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9758212","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,9758273","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9758358","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,9758441","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9758492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9758577","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9758697","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9758747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9758831","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9758911","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,9759942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9759994","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9760090","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,9760166","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9760223","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,9760287","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9760345","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9760408","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,9760466","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9760670","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9760729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,9760791","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9760846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9760904","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9760970","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,9761031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9761124","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,9761201","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9761253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9761342","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9761461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9761512","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9761598","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9761678","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,9762725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9762782","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9762879","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,9762975","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9763034","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,9763098","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9763156","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9763220","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,9763277","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9763485","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9763545","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,9763607","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9763662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9763720","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9763784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,9763878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9763963","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,9764048","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9764100","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9764211","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9764334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9764385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9764471","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9764550","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:39,9765585","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9765636","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9765730","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:39,9765808","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9765866","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:39,9765929","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9765987","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9766069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:39,9766127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:39,9766334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9766395","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:39,9766457","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:39,9766512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:39,9766570","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9766635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:39,9766695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:39,9766782","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:39,9766859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9766914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9766997","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9767136","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:39,9767186","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:39,9767272","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:39,9767353","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,5328988","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 6184, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:40,8431511","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,8431606","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,8431782","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,8431939","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,8432031","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,8432125","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,8432200","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,8432286","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,8432360","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,8432661","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,8432745","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,8432837","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,8432909","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,8432987","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,8433075","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,8433153","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,8433285","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,8433410","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,8433468","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,8433594","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,8433796","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,8433857","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,8433957","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,8434055","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9058335","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9058476","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9058658","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9058739","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9058801","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9058907","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9058972","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9059263","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9059331","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9059414","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9059473","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9059533","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9059602","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9059659","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9059775","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9059852","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9059914","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9060056","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9060117","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9060196","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9824504","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9824597","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9824774","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9824938","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9825033","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9825129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9825196","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9825280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9825355","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9825720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9825791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9825864","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9825923","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9825989","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9826086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9826153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9826257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9826346","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9826398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9826511","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9826676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9826729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9826819","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9826922","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9828135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9828246","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9828348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9828429","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9828489","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9828555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9828633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9828702","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9828761","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9828974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9829034","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9829097","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9829153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9829213","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9829278","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9829339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9829427","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9829502","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9829555","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9829641","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9829765","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9829815","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9829901","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9829983","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9831026","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9831078","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9831176","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9831254","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9831326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9831391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9831448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9831513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9831571","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9831779","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9831840","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9831902","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9831956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9832015","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9832079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9832139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9832223","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9832299","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9832349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9832434","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9832552","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9832603","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9832687","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9832768","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9834581","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9834664","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9834847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9835068","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9835154","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9835240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9835313","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9835385","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9835448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9835793","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9835863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9835947","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9836011","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9836079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9836154","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9836218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9836333","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9836420","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9836473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9836570","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9836736","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9836788","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9836881","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9836972","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9838041","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9838095","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9838270","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9838364","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9838426","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9838494","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9838592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9838659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9838718","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9838945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9839009","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9839074","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9839130","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9839190","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9839256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9839319","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9839410","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9839489","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9839542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9839632","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9839757","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9839810","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9839902","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9839987","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9841049","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9841101","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9841213","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9841292","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9841352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9841418","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9841477","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9841542","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9841600","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9841809","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9841869","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9841931","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9841986","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9842045","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9842111","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9842173","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9842258","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9842334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9842384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9842469","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9842587","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9842636","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9842721","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9842805","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9843918","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9843971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9844067","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9844146","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9844207","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9844272","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9844331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9844396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9844454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9844669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9844729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9844792","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9844846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9844903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9844969","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9845052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9845137","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9845250","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9845311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9845404","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9845539","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9845606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9845707","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9845790","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:40,9846835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9846887","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9846982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:40,9847062","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9847122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:40,9847186","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9847263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9847328","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:40,9847387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:40,9847600","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9847663","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:40,9847726","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:40,9847784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:40,9847842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9847907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:40,9847969","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:40,9848056","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:40,9848144","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9848238","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9848334","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9848461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:40,9848513","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:40,9848597","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:40,9848680","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:41,7111308","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 14720, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:41,7111991","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 4216, User Time: 0.0000000, Kernel Time: 0.0000000" | |
"10:28:41,8506085","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,8506171","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:41,8506351","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:41,8506532","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:41,8506616","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:41,8506708","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:41,8506777","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:41,8506854","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:41,8506919","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:41,8507222","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,8507298","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:41,8507383","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:41,8507449","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:41,8507520","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:41,8507598","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:41,8507665","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:41,8507782","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:41,8507876","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,8507934","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:41,8508041","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:41,8508221","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,8508277","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:41,8508379","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:41,8508476","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:41,9135710","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,9135851","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:41,9136030","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:41,9136146","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:41,9136209","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:41,9136282","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:41,9136339","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:41,9136600","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,9136669","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:41,9136752","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:41,9136812","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:41,9136873","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:41,9136940","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:41,9136998","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:41,9137120","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:41,9137196","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,9137263","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read" | |
"10:28:41,9137406","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,9137468","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read" | |
"10:28:41,9137548","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","" | |
"10:28:41,9900696","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,9900778","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name" | |
"10:28:41,9900964","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read" | |
"10:28:41,9901138","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:41,9901216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>" | |
"10:28:41,9901300","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12" | |
"10:28:41,9901362","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:41,9901434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45" | |
"10:28:41,9901496","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>" | |
"10:28:41,9901861","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0" | |
"10:28:41,9901931","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read" | |
"10:28:41,9902007","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0" | |
"10:28:41,9902065","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12" | |
"10:28:41,9902133","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:41,9902206","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49" | |
"10:28:41,9902270","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>" | |
"10:28:41,9902382","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","" | |
"10:28:41,9902471","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Han |
View raw
(Sorry about that, but we can’t show files that are this big right now.)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment