BarRaider Stream Deck Extensions Registry Access (analyzed with Sysinternals Process Monitor)

barraiderRegistryAccess.csv

"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:28:19,8254308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8254382","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8254501","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8254559","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8254618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8254687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8254775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8254865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8254944","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8254999","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8255088","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8255213","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8255266","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8255356","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8255438","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8256541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8256605","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8256719","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8256807","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8256876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8256984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8257053","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8257122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8257182","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8257394","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8257454","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8257516","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8257574","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8257635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8257714","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8257778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8257865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8257944","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8257997","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8258113","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8258256","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8258310","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8258400","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8258483","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8259533","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8259590","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8259690","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8259774","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8259835","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8259901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8259960","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8260027","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8260160","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8260528","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8260619","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8260721","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8260797","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8260860","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8260931","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8260997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8261097","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8261190","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8261247","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8261355","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8261542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8261595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8261697","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8261824","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8262953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8263007","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8263112","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8263199","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8263265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8263334","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8263396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8263462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8263521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8263744","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8263812","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8263912","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8263977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8264037","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8264106","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8264169","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8264257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8264334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8264392","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8264482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8264606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8264659","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8264766","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8264864","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8265915","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8265968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8266064","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8266146","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8266205","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8266292","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8266352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8266449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8266517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8266769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8266835","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8266900","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8266956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8267015","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8267081","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8267146","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8267236","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8267312","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8267364","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8267451","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8267574","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8267632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8267718","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8267801","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,9484491","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 1960, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:20,6923744","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6923851","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6924067","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,6924287","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,6924368","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,6924459","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,6924563","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,6924647","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,6924708","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,6925052","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6925124","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,6925218","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,6925282","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,6925354","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,6925432","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,6925502","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,6925630","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,6925747","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6925804","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6925916","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,6926099","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6926157","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6926256","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,6926356","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,7543420","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 33972, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:20,7555317","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7555461","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,7555650","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,7555733","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,7555795","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,7555869","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,7555929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,7556181","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7556252","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,7556342","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,7556432","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,7556499","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,7556609","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,7556674","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,7556797","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,7556876","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7556944","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,7557081","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7557144","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,7557227","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8317865","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8317964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8318171","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8318416","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8318505","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8318595","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8318659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8318736","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8318798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8319188","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8319261","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8319342","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8319402","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8319469","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8319554","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8319618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8319738","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8319829","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8319883","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8319982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8320160","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8320212","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8320307","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8320398","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8321701","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8321756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8321857","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8321941","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8322003","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8322069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8322129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8322195","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8322253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8322473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8322535","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8322599","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8322655","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8322717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8322784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8322847","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8322935","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8323012","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8323065","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8323154","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8323275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8323327","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8323414","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8323497","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8324556","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8324608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8324703","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8324781","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8324840","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8324951","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8325039","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8325109","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8325167","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8325383","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8325445","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8325511","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8325566","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8325625","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8325692","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8325755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8325839","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8325917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8325968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8326062","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8326204","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8326260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8326369","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8326499","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8327564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8327616","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8327711","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8327789","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8327849","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8327920","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8327979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8328044","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8328104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8328315","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8328376","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8328440","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8328497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8328556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8328622","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8328683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8328771","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8328854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8328905","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8328990","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8329110","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8329163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8329249","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8329332","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8330384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8330436","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8330549","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8330625","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8330689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8330754","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8330814","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8330877","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8330936","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8331148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8331209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8331272","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8331328","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8331415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8331484","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8331546","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8331633","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8331710","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8331761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8331847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8331969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8332020","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8332105","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8332202","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8333260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8333313","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8333407","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8333484","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8333545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8333609","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8333687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8333752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8333810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8334020","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334080","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8334143","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8334199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8334259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8334325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8334404","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8334491","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8334569","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8334710","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8334887","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8335032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8335115","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8336219","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8336272","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8336366","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8336475","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8336535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8336601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8336661","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8336726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8336787","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8337002","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337067","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8337132","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8337188","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8337248","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8337315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8337377","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8337464","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8337541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337594","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8337701","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8337831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337884","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8337985","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8338069","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8339126","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8339179","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8339273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8339351","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8339410","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8339476","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8339536","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8339603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8339662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8339872","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8339934","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8339996","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8340052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8340112","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8340178","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8340239","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8340325","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8340402","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8340454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8340539","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8340658","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8340715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8340802","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8340884","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,6998615","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,6998725","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,6998898","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,6999087","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,6999191","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,6999453","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,6999642","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,6999762","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,6999827","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7000207","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7000299","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,7000417","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,7000488","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,7000560","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7000651","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,7000730","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7000931","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,7001264","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7001353","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,7001550","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7001840","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7001893","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,7002000","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7002140","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,7628686","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7628853","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,7629037","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,7629130","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,7629195","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7629267","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,7629326","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7629603","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7629680","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,7629781","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,7629977","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,7630043","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7630141","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,7630201","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7630316","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,7630426","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7630503","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7630646","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7630720","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7630823","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8392835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8392929","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8393124","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8393316","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8393410","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8393512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8393588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8393675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8393749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8394163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8394245","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8394335","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8394433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8394514","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8394601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8394681","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8394814","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8394920","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8394986","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8395109","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8395308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8395399","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8395517","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8395633","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8397161","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8397246","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8397384","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8397487","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8397563","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8397646","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8397719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8397799","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8397871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8398144","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8398219","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8398298","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8398367","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8398439","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8398522","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8398596","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8398707","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8398801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8398864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8398988","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8399137","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8399200","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8399319","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8399422","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8400729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8400792","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8400908","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8401057","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8401132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8401212","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8401304","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8401542","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8401760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8402242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8402334","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8402455","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8402520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8402588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8402668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8402734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8402849","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8402945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8403004","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8403134","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8403333","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8403386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8403482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8403577","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8404997","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8405054","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8405181","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8405284","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8405363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8405436","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8405511","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8405590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8405651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8405874","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8405938","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8406004","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8406059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8406118","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8406186","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8406247","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8406334","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8406445","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8406503","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8406600","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8406725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8406777","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8406865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8406948","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8408147","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8408218","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8408373","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8408483","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8408588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8408672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8408749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8408821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8408879","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8409115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409178","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8409245","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8409305","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8409363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8409430","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8409493","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8409581","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8409660","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409710","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8409798","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8409924","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409975","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8410059","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8410141","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8411222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8411275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8411370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8411504","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8411564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8411630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8411705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8411770","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8411827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8412042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8412104","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8412169","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8412226","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8412284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8412349","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8412409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8412496","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8412611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8412669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8412784","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8412953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8413030","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8413150","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8413263","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8414443","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8414499","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8414606","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8414692","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8414752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8414820","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8414878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8414941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8414999","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8415232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8415293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8415356","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8415413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8415496","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8415562","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8415622","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8415711","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8415790","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8415841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8415927","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8416051","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8416102","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8416185","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8416267","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8417361","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8417413","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8417509","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8417586","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8417645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8417708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8417767","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8417830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8417889","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8418099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418158","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8418220","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8418274","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8418332","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8418398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8418461","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8418545","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8418622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418673","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8418758","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8418876","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8419010","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8419091","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,0408484","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 28164, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:22,7072988","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7073152","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7073457","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,7073693","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7073801","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,7073938","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,7074002","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7074074","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,7074136","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7074521","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7074751","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,7074892","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7074982","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,7075062","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7075194","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,7075272","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7075407","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,7075522","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7075579","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7075710","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7075924","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7075988","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7076096","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7076224","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,7703530","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7703673","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,7703855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,7703958","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,7704055","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7704137","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,7704197","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7704493","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7704562","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,7704652","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7704713","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,7704777","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7704849","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,7704912","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7705029","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,7705109","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7705172","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7705318","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7705380","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7705489","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8467692","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8467817","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8468030","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8468276","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8468368","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8468463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8468535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8468612","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8468725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8469276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8469360","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8469452","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8469662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8469742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8469826","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8469899","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8470057","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8470168","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8470230","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8470339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8470527","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8470587","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8470690","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8470795","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8472226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8472308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8472426","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8472518","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8472583","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8472657","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8472722","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8472795","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8472861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8473112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8473180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8473250","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8473311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8473389","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8473461","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8473527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8473622","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8473706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8473763","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8473862","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8474008","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8474059","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8474144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8474226","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8475297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8475349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8475446","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8475521","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8475579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8475725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8475785","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8475848","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8475906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8476122","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8476187","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8476253","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8476311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8476372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8476470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8476538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8476627","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8476706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8476758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8476933","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8477060","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8477113","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8477199","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8477281","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8478331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8478524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8478638","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8478723","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8478833","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8478900","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8478958","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8479029","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8479086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8479309","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8479402","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8479471","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8479529","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8479587","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8479653","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8479721","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8479815","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8479896","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8479976","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8480070","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8480196","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8480253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8480343","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8480427","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8481515","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8481570","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8481667","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8481752","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8481821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8481888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8481948","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8482010","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8482070","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8482289","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8482356","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8482420","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8482475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8482532","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8482598","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8482659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8482750","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8482827","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8482879","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8482965","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8483090","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8483145","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8483228","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8483331","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8484421","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8484476","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8484569","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8484646","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8484705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8484787","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8484846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8484909","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8484968","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8485177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8485241","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8485305","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8485373","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8485432","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8485499","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8485566","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8485656","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8485731","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8485786","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8485871","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8485989","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8486042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8486128","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8486209","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8487271","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8487325","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8487422","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8487501","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8487559","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8487624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8487683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8487746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8487803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8488052","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488119","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8488183","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8488256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8488315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8488406","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8488469","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8488559","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8488643","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488704","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8488792","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8488914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8489055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8489136","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8490172","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8490226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8490319","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8490394","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8490453","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8490521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8490582","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8490645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8490703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8490913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8490975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8491048","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8491110","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8491170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8491236","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8491296","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8491411","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8491491","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8491543","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8491629","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8491755","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8491807","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8491911","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8491993","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,4512698","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 4744"
"10:28:23,5598458","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 18948"
"10:28:23,5598757","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 10116"
"10:28:23,5601506","com.barraider.voicemeeter.exe","8808","TCP Send","kubernetes.docker.internal:60488 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51955887, endtime: 51955887, seqnum: 0, connid: 0"
"10:28:23,5602286","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 2900"
"10:28:23,7148484","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7148672","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7148946","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,7149188","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7149309","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,7149460","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,7149550","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7149667","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,7149759","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7150187","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7150298","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,7150419","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7150513","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,7150621","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7150749","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,7150845","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7151012","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,7151241","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7151515","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7151704","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7152040","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7152096","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7152196","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7152333","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,7778981","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7779112","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,7779289","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,7779419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,7779516","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7779596","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,7779656","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7779939","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780010","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,7780092","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7780154","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,7780216","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7780311","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,7780371","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7780494","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,7780575","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780639","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7780770","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780834","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7780932","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8542996","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8543125","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8543401","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8543649","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8543774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8543907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8543996","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8544096","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8544183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8544676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8544795","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8544922","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8545013","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8545118","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8545229","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8545322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8545487","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8545613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8545688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8545860","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8546094","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8546169","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8546313","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8546490","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8548130","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8548219","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8548400","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8548535","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8548633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8548737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8548825","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8548923","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8549012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8549352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8549450","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8549551","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8549638","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8549740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8549841","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8549929","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8550063","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8550180","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8550257","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8550396","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8550583","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8550662","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8550797","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8550931","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8552415","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8552492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8552650","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8552788","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8552882","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8553013","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8553122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8553220","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8553325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8553685","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8553787","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8553889","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8553972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8554063","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8554165","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8554257","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8554400","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8554523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8554611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8554753","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8554938","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8555015","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8555203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8555354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8556848","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8556927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8557084","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8557235","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8557326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8557422","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8557505","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8557598","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8557681","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8558003","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8558106","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8558205","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8558289","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8558376","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8558470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8558556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8558690","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8558810","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8558895","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8559038","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8559223","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8559300","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8559433","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8559567","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8561019","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8561107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8561259","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8561412","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8561512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8561611","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8561697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8561798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8561888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8562228","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8562327","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8562434","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8562516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8562607","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8562710","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8562801","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8562941","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8563060","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8563141","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8563274","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8563486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8563564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8563722","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8563868","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8565324","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8565405","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8565563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8565687","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8565783","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8565899","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8565988","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8566085","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8566174","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8566535","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8566642","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8566747","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8566839","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8566948","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8567052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8567138","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8567273","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8567402","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8567484","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8567632","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8567822","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8567905","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8568039","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8568176","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8569633","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8569717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8569868","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8570002","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8570091","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8570195","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8570280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8570374","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8570459","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8570777","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8570872","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8570970","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8571097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8571191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8571297","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8571417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8571561","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8571678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8571763","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8571904","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8572090","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8572169","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8572303","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8572441","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8573913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8573992","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8574156","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8574280","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8574369","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8574462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8574550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8574649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8574734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8575053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8575157","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8575263","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8575354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8575446","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8575550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8575645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8575779","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8575894","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8575980","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8576120","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8576316","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8576434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8576579","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8576732","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,6603992","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:24,6604205","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:12, LastWriteTime: 29.06.2022 10:28:12, ChangeTime: 29.06.2022 10:28:12, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:24,6604284","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,6605348","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:24,6605657","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:12, LastWriteTime: 29.06.2022 10:28:12, ChangeTime: 29.06.2022 10:28:12, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:24,6605762","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,6606802","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: 0, OpenResult: Opened"
"10:28:24,6607156","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 0, Length: 0, Priority: Normal"
"10:28:24,6607340","com.barraider.obstools.exe","7132","QueryStandardInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","AllocationSize: 143.360, EndOfFile: 142.497, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:28:24,6607446","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 142.497, Length: 79, Priority: Normal"
"10:28:24,6608559","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,7222924","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7223008","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7223198","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,7223387","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7223466","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,7223548","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,7223609","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7223679","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,7223740","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7224043","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7224112","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,7224186","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7224243","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,7224308","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7224378","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,7224441","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7224550","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,7224639","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7224690","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7224786","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7224964","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7225014","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7225103","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7225193","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,7853050","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7853200","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,7853391","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,7853503","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,7853565","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7853637","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,7853696","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7853970","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854040","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,7854127","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7854187","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,7854249","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7854319","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,7854400","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7854519","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,7854595","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854660","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7854803","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854867","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7854950","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8617515","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8617605","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8617790","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8617972","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8618052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8618141","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8618209","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8618290","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8618350","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8618734","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8618805","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8618881","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8618978","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8619054","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8619129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8619194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8619310","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8619399","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8619451","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8619577","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8619746","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8619797","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8619891","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8619984","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8621197","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8621252","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8621353","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8621467","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8621527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8621615","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8621674","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8621738","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8621796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8622014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622075","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8622140","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8622194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8622253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8622322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8622382","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8622467","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8622542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622592","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8622678","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8622798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622849","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8622932","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8623012","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8624057","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8624108","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8624203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8624277","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8624334","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8624397","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8624454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8624517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8624573","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8624781","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8624843","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8624905","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8624959","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8625018","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8625083","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8625143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8625225","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8625301","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8625352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8625434","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8625567","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8625617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8625702","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8625787","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8627097","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8627165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8627320","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8627435","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8627518","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8627589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8627649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8627716","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8627775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8628035","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628101","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8628170","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8628227","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8628288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8628354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8628417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8628518","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8628599","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628651","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8628744","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8628882","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8629020","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8629106","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8630156","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8630206","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8630300","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8630380","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8630472","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8630555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8630617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8630682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8630740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8630964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631024","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8631088","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8631159","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8631218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8631282","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8631342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8631457","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8631535","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631586","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8631672","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8631793","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631843","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8631926","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8632011","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8633148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8633199","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8633293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8633368","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8633426","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8633489","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8633546","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8633611","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8633668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8633875","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8633935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8633996","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8634051","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8634109","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8634172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8634231","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8634316","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8634397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8634452","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8634543","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8634665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8634715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8634802","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8634888","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8635942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8635992","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8636101","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8636178","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8636235","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8636298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8636355","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8636447","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8636506","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8636720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8636779","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8636843","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8636898","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8636956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8637021","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8637081","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8637166","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8637242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8637291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8637374","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8637491","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8637541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8637624","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8637705","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8638764","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8638814","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8638906","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8639000","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8639058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8639136","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8639193","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8639255","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8639312","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8639516","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8639575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8639637","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8639691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8639749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8639812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8639871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8639954","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8640028","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8640079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8640196","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8640328","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8640379","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8640477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8640563","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,9548917","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 4744, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,0633995","com.barraider.voicemeeter.exe","8808","Thread Exit","","SUCCESS","Thread ID: 10116, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,1562619","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 34356, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,1716748","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:25,5282649","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 30620"
"10:28:25,5283047","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 16784"
"10:28:25,5285594","com.barraider.twitchtools.exe","36544","TCP Send","kubernetes.docker.internal:60487 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51956084, endtime: 51956084, seqnum: 0, connid: 0"
"10:28:25,5286857","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 8000"
"10:28:25,6911649","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:25,7297923","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7298011","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7298191","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,7298381","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7298478","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,7298592","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,7298796","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7299155","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,7299228","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7299632","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7299744","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,7299879","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7299943","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,7300011","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7300092","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,7300159","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7300280","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,7300553","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7300627","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7300770","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7301033","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7301090","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7301215","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7301346","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,7927386","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7927516","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,7927690","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,7927772","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,7927844","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7927946","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,7928004","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7928273","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7928348","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,7928509","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7928578","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,7928641","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7928711","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,7928771","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7928888","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,7928983","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7929051","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7929220","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7929284","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7929373","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8692551","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8692644","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8692854","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8693052","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8693161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8693254","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8693320","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8693499","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8693794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8694303","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8694405","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8694530","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8694597","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8694664","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8694744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8694813","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8694940","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8695034","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8695098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8695222","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8695419","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8695486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8695620","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8695721","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8697165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8697253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8697365","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8697479","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8697544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8697625","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8697687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8697765","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8697827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8698059","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698129","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8698199","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8698257","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8698315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8698381","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8698443","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8698536","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8698618","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8698776","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8698902","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698960","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8699049","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8699134","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8700198","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8700255","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8700355","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8700442","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8700516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8700584","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8700658","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8700737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8700796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8701011","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8701076","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8701143","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8701218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8701279","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8701345","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8701435","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8701524","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8701613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8701716","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8701833","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8701969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8702066","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8702164","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8702254","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8703314","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8703381","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8703483","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8703562","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8703633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8703699","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8703758","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8703830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8703917","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8704134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8704198","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8704300","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8704360","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8704421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8704487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8704556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8704684","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8704764","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8704816","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8704908","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8705031","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8705083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8705169","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8705272","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8706322","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8706406","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8706505","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8706619","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8706684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8706752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8706811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8706875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8706943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8707159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8707226","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8707298","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8707363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8707423","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8707490","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8707551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8707637","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8707717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8707769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8707864","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8707988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8708075","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8708167","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8708257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8709337","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8709398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8709495","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8709575","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8709635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8709701","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8709760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8709835","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8709894","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8710113","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8710187","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8710278","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8710366","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8710434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8710533","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8710662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8710758","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8710837","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8710891","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8710982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8711111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8711164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8711258","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8711341","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8712425","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8712481","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8712583","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8712664","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8712763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8712833","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8712891","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8712961","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8713037","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8713256","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8713326","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8713393","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8713450","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8713509","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8713576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8713638","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8713723","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8713803","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8713859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8713956","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8714079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8714134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8714239","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8714326","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8715386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8715557","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8715662","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8715741","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8715803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8715868","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8715928","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8715993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8716052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8716263","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8716358","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8716483","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8716549","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8716613","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8716680","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8716804","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8717007","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8717131","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8717198","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8717315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8717486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8717539","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8717705","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8717820","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,2041656","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7086508","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7087140","com.barraider.obstools.exe","7132","TCP Disconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7091792","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7092801","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 6800"
"10:28:26,7093367","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 14720"
"10:28:26,7095002","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7095672","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 4216"
"10:28:26,7096098","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7096887","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7097331","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7097795","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7098200","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7098642","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099076","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099504","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099905","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7100328","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7100767","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7101164","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7101584","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7102054","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7373098","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7373262","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7373525","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,7373749","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,7373856","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,7373969","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,7374058","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,7374153","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,7374231","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,7374589","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7374678","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,7374778","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,7374859","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,7375079","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,7375194","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,7375276","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,7375427","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,7375592","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7375667","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7375797","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,7376024","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7376099","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7376223","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,7376352","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8002355","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8002487","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8002690","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8002772","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8002831","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8002905","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8002962","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8003210","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8003279","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8003357","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8003417","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8003496","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8003564","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8003623","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8003729","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8003807","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8003869","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8004005","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8004066","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8004146","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8767684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8767785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8767994","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8768198","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8768281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8768387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8768455","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8768527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8768588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8768974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8769098","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8769203","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8769269","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8769337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8769411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8769488","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8769631","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8769745","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8769832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8769949","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8770135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8770189","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8770284","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8770379","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8771684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8771743","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8771864","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8771949","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8772012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8772079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8772139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8772204","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8772282","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8772508","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8772570","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8772635","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8772691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8772751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8772819","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8772881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8772968","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8773047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8773100","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8773204","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8773331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8773384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8773473","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8773556","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8774640","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8774695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8774791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8774871","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8774933","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8774997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8775057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8775122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8775181","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8775397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8775458","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8775523","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8775586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8775645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8775718","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8775779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8775865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8775949","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8776001","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8776088","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8776209","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8776260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8776349","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8776463","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8777525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8777577","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8777671","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8777751","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8777810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8777875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8777934","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8777999","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8778057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8778270","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8778330","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8778394","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8778450","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8778508","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8778575","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8778637","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8778722","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8778798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8778850","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8778936","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8779056","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8779107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8779197","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8779283","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8780360","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8780413","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8780560","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8780647","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8780712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8780779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8780840","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8780907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8780983","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8781197","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8781258","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8781323","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8781407","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8781470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8781538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8781600","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8781687","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8781765","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8781818","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8781905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8782044","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8782096","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8782183","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8782270","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8783332","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8783385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8783480","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8783557","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8783617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8783684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8783743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8783810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8783869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8784082","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8784207","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8784263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8784343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8784412","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8784475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8784562","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8784639","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784692","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8784778","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8784898","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784951","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8785052","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8785135","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8786196","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8786247","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8786348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8786458","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8786520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8786590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8786650","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8786715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8786775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8786988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787049","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8787113","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8787168","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8787228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8787295","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8787358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8787444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8787524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787575","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8787683","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8787804","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787856","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8787965","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8788049","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8789105","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8789159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8789273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8789350","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8789409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8789482","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8789557","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8789632","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8789719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8789968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790033","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8790099","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8790155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8790215","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8790283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8790347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8790470","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8790553","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8790710","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8790831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790897","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8790997","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8791082","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,0322869","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 16784, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:27,7448185","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7448276","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,7448476","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,7448676","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,7448770","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,7448860","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,7448923","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,7448994","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,7449055","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,7449387","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7449472","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,7449577","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,7449652","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,7449724","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,7449799","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,7449879","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,7450020","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,7450118","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7450179","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,7450281","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,7450459","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7450530","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,7450634","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,7450732","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8079732","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8079885","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8080048","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8080126","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8080190","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8080259","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8080350","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8080679","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8080757","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8080845","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8080906","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8080969","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8081038","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8081098","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8081211","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8081287","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8081351","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8081824","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8081957","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8082133","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8842946","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8843039","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8843276","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8843472","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8843558","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8843652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8843716","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8843791","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8843851","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8844243","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8844312","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8844391","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8844449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8844519","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8844592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8844697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8844819","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8844913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8844969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8845072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8845271","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8845324","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8845421","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8845513","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8846795","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8846849","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8846952","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8847038","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8847117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8847184","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8847245","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8847311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8847386","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8847613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8847674","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8847740","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8847799","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8847857","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8847925","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8847986","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8848074","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8848152","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8848204","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8848293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8848420","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8848472","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8848563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8848645","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8849706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8849758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8849854","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8849932","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8849991","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8850056","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8850116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8850182","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8850240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8850451","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8850512","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8850574","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8850630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8850689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8850756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8850858","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8850953","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8851032","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8851083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8851173","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8851296","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8851348","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8851458","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8851542","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8853878","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8853934","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8854038","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8854127","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8854191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8854258","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8854317","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8854381","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8854440","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8854669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8854733","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8854798","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8854854","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8854914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8854979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8855041","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8855132","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8855211","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8855262","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8855350","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8855473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8855525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8855612","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8855695","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8856786","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8856840","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8856934","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8857035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8857095","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8857160","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8857219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8857283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8857358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8857570","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8857631","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8857695","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8857751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8857810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8857874","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8857935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8858021","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8858098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8858148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8858235","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8858356","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8858409","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8858493","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8858575","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8859617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8859670","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8859768","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8859843","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8859901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8859966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8860025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8860089","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8860147","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8860357","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8860417","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8860479","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8860534","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8860593","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8860659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8860720","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8860805","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8860881","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8860932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8861018","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8861136","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8861187","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8861272","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8861354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8862434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8862487","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8862580","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8862656","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8862715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8862779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8862869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8862937","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8862998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8863209","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8863270","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8863333","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8863389","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8863448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8863514","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8863579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8863671","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8863753","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8863805","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8863891","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8864009","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8864062","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8864146","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8864229","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,8865290","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8865343","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8865440","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,8865516","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8865592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,8865657","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,8865717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8865782","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,8865856","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,8866067","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8866127","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,8866190","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,8866263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,8866323","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8866417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,8866481","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,8866567","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,8866647","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8866699","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8866786","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8866906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,8866958","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,8867043","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:27,8867125","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,2099052","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 6800, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:28,4578058","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 36212"
"10:28:28,7522755","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,7522863","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,7523102","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,7523316","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,7523413","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,7523528","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,7523606","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,7523694","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,7523770","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,7524124","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,7524210","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,7524302","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,7524376","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,7524457","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,7524547","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,7524625","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,7524771","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,7524881","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,7524951","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,7525073","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,7525271","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,7525337","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,7525477","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,7525701","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8152840","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8152976","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8153159","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8153264","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8153325","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8153401","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8153459","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8153717","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8153787","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8153870","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8153929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8153992","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8154060","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8154142","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8154251","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8154328","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8154391","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8154525","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8154585","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8154666","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8917541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8917626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8917846","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8918014","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8918097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8918183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8918248","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8918322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8918385","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8918756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8918826","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8918900","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8918960","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8919029","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8919127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8919194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8919300","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8919390","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8919444","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8919538","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8919704","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8919758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8919852","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8919942","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8921166","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8921217","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8921315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8921434","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8921497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8921564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8921624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8921707","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8921766","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8921984","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8922045","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8922112","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8922168","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8922226","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8922293","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8922356","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8922444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8922523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8922615","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8922712","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8922841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8922893","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8922981","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8923070","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8924135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8924189","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8924290","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8924368","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8924428","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8924495","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8924555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8924624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8924683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8924894","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8924959","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8925023","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8925080","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8925140","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8925205","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8925268","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8925354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8925433","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8925486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8925575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8925700","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8925751","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8925855","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8925939","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8927024","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8927076","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8927186","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8927264","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8927325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8927391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8927451","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8927515","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8927574","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8927783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8927847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8927910","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8927966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8928025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8928096","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8928161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8928248","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8928325","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8928379","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8928479","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8928602","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8928654","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8928741","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8928824","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8929873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8929925","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8930019","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8930096","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8930155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8930221","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8930281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8930363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8930423","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8930630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8930691","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8930754","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8930810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8930870","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8930935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8930997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8931084","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8931160","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8931212","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8931299","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8931448","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8931501","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8931588","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8931672","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8932717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8932769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8932863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8932940","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8932998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8933067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8933127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8933199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8933259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8933501","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8933563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8933628","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8933684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8933744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8933812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8933876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8933964","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8934041","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8934094","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8934180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8934299","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8934353","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8934439","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8934522","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8935576","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8935628","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8935741","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8935817","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8935876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8935941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8936000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8936064","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8936123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8936331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8936419","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8936486","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8936544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8936604","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8936670","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8936752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8936838","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8936917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8936969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8937054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8937177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8937229","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8937317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8937399","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:28,8938442","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8938494","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8938587","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:28,8938683","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8938742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:28,8938806","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:28,8938866","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8938944","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:28,8939004","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:28,8939214","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8939274","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:28,8939338","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:28,8939394","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:28,8939453","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8939523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:28,8939585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:28,8939673","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:28,8939752","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8939808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8939893","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8940012","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:28,8940080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:28,8940180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:28,8940262","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,7598470","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,7598717","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,7599003","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,7599242","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,7599344","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,7599456","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,7599537","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,7599626","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,7599703","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,7600088","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,7600185","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,7600285","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,7600362","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,7600446","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,7600541","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,7600629","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,7600770","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,7600886","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,7600956","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,7601084","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,7601303","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,7601368","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,7601526","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,7601634","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,8228495","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8228635","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,8228823","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,8228908","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,8228968","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8229038","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,8229097","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8229366","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8229438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,8229520","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8229582","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,8229646","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8229752","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,8229812","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8229924","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,8230001","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8230066","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8230204","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8230265","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8230347","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,8992572","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8992662","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8992876","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,8993068","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8993177","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,8993269","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,8993337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8993415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,8993481","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8993873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8993950","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,8994033","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8994099","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,8994171","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8994250","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,8994321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8994442","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,8994537","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8994596","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8994703","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8994889","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8994945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8995046","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8995148","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,8996889","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8996988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8997240","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,8997430","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8997521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,8997610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,8997673","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8997778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,8997842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,8998222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8998295","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,8998373","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,8998433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,8998501","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8998576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,8998640","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,8998761","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,8998851","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8998907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8999007","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8999202","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,8999254","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,8999348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,8999440","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9000854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9000907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9001007","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9001089","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9001151","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9001219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9001278","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9001343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9001449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9001688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9001752","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9001819","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9001875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9001974","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9002049","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9002117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9002213","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9002300","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9002351","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9002442","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9002573","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9002625","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9002713","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9002801","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9003873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9003924","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9004026","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9004103","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9004162","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9004230","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9004288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9004353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9004411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9004627","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9004687","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9004750","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9004806","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9004864","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9004931","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9004994","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9005080","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9005159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9005210","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9005296","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9005416","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9005468","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9005554","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9005635","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9006752","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9006808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9006905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9006984","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9007045","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9007111","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9007170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9007259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9007319","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9007543","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9007603","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9007667","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9007723","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9007783","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9007848","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9007911","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9007997","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9008074","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9008126","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9008216","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9008338","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9008389","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9008477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9008560","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9009607","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9009658","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9009753","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9009850","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9009908","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9009973","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9010032","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9010097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9010155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9010365","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9010424","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9010487","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9010543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9010602","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9010684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9010746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9010829","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9010907","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9010959","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9011046","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9011165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9011216","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9011317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9011440","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9012510","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9012563","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9012664","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9012741","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9012817","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9012918","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9012980","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9013054","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9013117","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9013333","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9013401","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9013467","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9013523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9013584","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9013652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9013713","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9013802","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9013879","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9013931","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9014017","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9014143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9014195","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9014281","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9014365","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9015407","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9015460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9015553","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:29,9015628","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9015687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:29,9015752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:29,9015811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9015895","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:29,9015954","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:29,9016163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9016223","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:29,9016286","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:29,9016342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:29,9016445","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9016524","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:29,9016591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:29,9016679","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:29,9016761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9016813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9016919","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9017047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:29,9017099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:29,9017201","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:29,9017284","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:29,9614077","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 36212, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:30,7672698","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 35168"
"10:28:30,7672811","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,7672923","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,7673149","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,7673356","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,7673438","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,7673526","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,7673592","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,7673665","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,7673727","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,7674045","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,7674122","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,7674207","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,7674269","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,7674336","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,7674412","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,7674484","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,7674609","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,7674702","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,7674756","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,7674856","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,7675023","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,7675074","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,7675201","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,7675295","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,8302367","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,8302536","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,8302755","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,8302855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,8302929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,8303016","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,8303128","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,8303442","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,8303532","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,8303640","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,8303717","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,8303808","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,8303880","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,8303938","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,8304056","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,8304133","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,8304197","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,8304327","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,8304390","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,8304474","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9067852","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9067949","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9068224","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9068472","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9068567","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9068688","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9068766","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9068841","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9068903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9069291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9069369","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9069453","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9069513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9069585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9069666","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9069732","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9069856","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9069953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9070006","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9070105","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9070279","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9070331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9070426","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9070522","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9072882","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9072939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9073072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9073161","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9073225","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9073294","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9073357","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9074132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9074221","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9074496","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9074564","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9074637","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9074697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9074760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9074828","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9074890","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9074982","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9075061","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9075114","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9075209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9075365","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9075417","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9075510","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9075596","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9076758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9076812","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9076910","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9076990","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9077050","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9077116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9077176","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9077240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9077298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9077512","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9077571","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9077635","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9077690","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9077749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9077821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9077885","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9077970","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9078047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9078098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9078184","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9078304","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9078355","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9078440","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9078523","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9079571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9079622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9079721","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9079798","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9079861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9079925","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9079983","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9080046","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9080104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9080311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9080370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9080435","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9080491","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9080550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9080653","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9080719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9080808","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9080888","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9080939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9081026","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9081149","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9081201","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9081288","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9081444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9082506","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9082559","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9082657","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9082736","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9082796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9082861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9082921","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9083005","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9083065","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9083276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9083339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9083403","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9083460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9083519","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9083586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9083648","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9083734","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9083811","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9083864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9083952","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9084076","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9084129","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9084215","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9084299","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9085401","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9085454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9085551","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9085652","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9085712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9085779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9085837","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9085902","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9085964","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9086173","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9086234","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9086297","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9086354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9086462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9086531","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9086594","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9086682","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9086760","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9086813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9086900","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9087022","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9087073","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9087158","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9087244","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9088296","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9088349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9088444","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9088521","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9088579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9088649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9088708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9088772","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9088831","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9089038","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9089098","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9089160","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9089216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9089276","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9089342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9089403","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9089489","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9089565","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9089618","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9089705","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9089822","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9089873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9089975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9090059","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:30,9091104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9091157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9091266","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:30,9091349","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9091435","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:30,9091502","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:30,9091591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9091675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:30,9091734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:30,9091947","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9092009","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:30,9092072","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:30,9092127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:30,9092185","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9092253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:30,9092314","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:30,9092398","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:30,9092474","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9092525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9092613","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9092731","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:30,9092782","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:30,9092865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:30,9092946","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,7748384","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,7748499","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,7748722","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,7748916","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,7749032","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,7749147","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,7749237","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,7749370","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,7749464","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,7749874","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,7749980","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,7750105","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,7750190","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,7750283","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,7750382","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,7750482","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,7750728","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,7750837","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,7750892","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,7750998","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,7751186","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,7751239","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,7751335","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,7751475","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,8376993","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,8377138","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,8377328","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,8377419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,8377482","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,8377554","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,8377613","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,8377886","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,8377957","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,8378042","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,8378104","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,8378170","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,8378242","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,8378303","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,8378417","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,8378492","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,8378556","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,8378707","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,8378771","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,8378855","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9142734","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9142831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9143055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9143296","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9143386","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9143475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9143544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9143621","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9143685","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9144083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9144157","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9144241","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9144353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9144454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9144536","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9144618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9144757","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9144870","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9144927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9145034","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9145226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9145280","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9145379","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9145472","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9146781","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9146835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9146935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9147020","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9147082","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9147152","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9147213","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9147284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9147343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9147564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9147629","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9147695","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9147753","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9147812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9147880","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9147942","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9148032","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9148110","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9148164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9148254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9148382","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9148435","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9148525","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9148609","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9149688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9149741","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9149837","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9149916","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9149977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9150042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9150101","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9150187","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9150247","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9150462","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9150523","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9150588","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9150645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9150705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9150772","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9150834","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9150925","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9151004","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9151056","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9151144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9151265","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9151318","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9151441","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9151526","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9152588","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9152641","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9152738","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9152815","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9152875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9152941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9153000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9153064","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9153123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9153339","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9153402","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9153469","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9153526","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9153586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9153672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9153735","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9153822","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9153900","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9153952","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9154043","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9154164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9154217","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9154306","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9154388","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9155447","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9155498","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9155596","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9155672","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9155789","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9155859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9155920","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9155984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9156042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9156261","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9156324","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9156419","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9156477","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9156537","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9156603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9156667","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9156753","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9156832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9156885","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9156988","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9157112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9157164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9157251","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9157348","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9158412","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9158465","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9158562","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9158638","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9158697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9158763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9158822","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9158906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9158964","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9159176","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9159238","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9159301","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9159357","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9159416","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9159482","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9159543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9159629","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9159707","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9159758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9159844","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9159963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9160014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9160100","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9160181","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9161234","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9161288","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9161381","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9161485","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9161545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9161610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9161669","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9161744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9161803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9162014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9162075","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9162138","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9162194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9162253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9162321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9162383","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9162469","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9162547","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9162598","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9162683","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9162801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9162853","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9162938","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9163020","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:31,9164082","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9164134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9164229","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:31,9164304","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9164363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:31,9164428","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:31,9164486","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9164551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:31,9164610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:31,9164821","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9164881","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:31,9164944","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:31,9165000","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:31,9165058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9165123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:31,9165184","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:31,9165269","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:31,9165346","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9165398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9165563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9165695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:31,9165747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:31,9165837","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:31,9165920","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,2709458","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 35168, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:32,5962832","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 17004"
"10:28:32,7822888","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,7822987","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,7823263","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,7823473","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,7823564","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,7823657","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,7823725","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,7823800","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,7823863","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,7824203","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,7824277","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,7824362","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,7824422","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,7824489","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,7824564","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,7824628","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,7824756","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,7824850","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,7824905","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,7825005","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,7825199","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,7825252","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,7825353","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,7825446","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,8452332","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,8452464","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,8452644","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,8452747","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,8452808","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,8452878","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,8452935","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,8453196","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,8453267","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,8453382","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,8453460","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,8453524","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,8453592","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,8453675","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,8453790","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,8453868","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,8453933","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,8454070","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,8454132","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,8454215","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9217783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9217878","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9218099","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9218301","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9218388","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9218502","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9218567","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9218641","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9218703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9219085","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9219159","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9219243","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9219304","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9219372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9219446","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9219510","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9219634","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9219729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9219785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9219894","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9220062","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9220115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9220212","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9220307","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9221608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9221663","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9221764","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9221849","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9221912","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9221979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9222039","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9222103","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9222164","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9222383","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9222446","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9222511","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9222568","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9222628","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9222695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9222756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9222850","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9222927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9222979","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9223085","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9223208","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9223260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9223348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9223432","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9224492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9224545","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9224642","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9224720","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9224778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9224843","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9224902","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9224966","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9225025","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9225242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9225305","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9225369","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9225425","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9225485","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9225555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9225617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9225702","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9225780","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9225832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9225922","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9226042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9226093","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9226195","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9226278","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9227381","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9227434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9227544","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9227623","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9227682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9227763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9227823","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9227888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9227946","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9228202","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9228281","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9228348","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9228405","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9228465","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9228534","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9228599","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9228688","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9228766","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9228819","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9228905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9229028","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9229080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9229168","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9229252","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9230320","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9230373","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9230468","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9230546","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9230606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9230675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9230735","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9230803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9230863","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9231084","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9231145","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9231209","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9231265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9231325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9231420","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9231487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9231575","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9231653","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9231708","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9231795","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9231917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9231969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9232058","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9232140","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9233192","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9233245","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9233359","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9233437","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9233497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9233563","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9233623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9233687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9233746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9233962","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9234023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9234086","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9234143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9234203","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9234271","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9234351","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9234441","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9234518","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9234571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9234659","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9234783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9234835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9234921","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9235005","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9236055","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9236107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9236203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9236280","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9236339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9236448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9236510","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9236575","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9236635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9236848","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9236910","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9236974","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9237031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9237090","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9237157","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9237219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9237305","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9237382","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9237435","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9237538","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9237680","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9237739","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9237824","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9237909","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:32,9238977","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9239066","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9239164","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:32,9239273","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9239333","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:32,9239398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:32,9239458","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9239522","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:32,9239580","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:32,9239791","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9239852","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:32,9240688","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:32,9240755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:32,9240815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9240881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:32,9240944","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:32,9241031","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:32,9241111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9241163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9241254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9241408","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:32,9241461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:32,9241605","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:32,9241694","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,7899308","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,7899429","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,7899702","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,7900024","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,7900169","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,7900284","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,7900375","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,7900469","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,7900547","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,7900915","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,7901008","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,7901107","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,7901200","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,7901290","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,7901381","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,7901508","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,7901656","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,7901781","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,7901852","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,7902019","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,7902263","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,7902341","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,7902511","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,7902646","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,8530559","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,8530758","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,8530995","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,8531129","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,8531212","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,8531313","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,8531419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,8531736","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,8531812","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,8531906","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,8531981","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,8532047","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,8532120","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,8532181","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,8532294","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,8532372","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,8532438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,8532584","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,8532647","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,8532757","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9292943","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9293048","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9293254","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9293500","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9293589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9293689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9293755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9293830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9293892","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9294285","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9294358","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9294442","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9294503","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9294576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9294652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9294724","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9295011","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9295120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9295193","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9295307","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9295520","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9295595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9295709","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9295834","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9297171","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9297225","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9297329","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9297417","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9297479","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9297552","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9297612","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9297682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9297742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9297967","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9298033","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9298102","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9298158","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9298218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9298284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9298347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9298438","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9298517","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9298569","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9298666","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9298815","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9298867","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9298956","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9299039","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9300123","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9300179","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9300280","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9300364","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9300424","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9300490","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9300548","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9300613","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9300672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9300896","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9300957","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9301022","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9301078","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9301175","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9301253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9301314","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9301428","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9301509","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9301562","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9301656","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9302138","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9302194","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9302288","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9302379","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9303758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9303813","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9303912","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9304080","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9304142","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9304228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9304288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9304353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9304411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9304632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9304694","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9304759","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9304815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9304893","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9304958","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9305020","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9305109","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9305187","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9305239","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9305332","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9305456","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9305507","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9305592","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9305674","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9306775","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9306830","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9306926","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9307004","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9307067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9307132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9307190","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9307254","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9307311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9307523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9307584","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9307647","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9307703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9307762","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9307830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9307891","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9307976","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9308053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9308104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9308190","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9308311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9308362","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9308448","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9308557","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9309626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9309680","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9309781","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9309861","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9309936","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9310002","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9310061","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9310125","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9310183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9310397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9310614","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9310684","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9310743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9310804","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9310871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9310933","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9311020","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9311099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9311151","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9311241","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9311526","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9311584","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9311674","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9311760","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9313120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9313175","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9313273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9313354","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9313437","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9313527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9313586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9313651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9313709","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9313932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9313993","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9314059","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9314114","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9314172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9314237","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9314298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9314384","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9314462","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9314513","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9314598","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9314725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9314776","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9314861","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9314942","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:33,9316111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9316163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9316259","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:33,9316337","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9316420","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:33,9316486","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:33,9316545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9316608","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:33,9316665","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:33,9316875","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9316936","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:33,9317000","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:33,9317055","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:33,9317113","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9317180","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:33,9317240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:33,9317326","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:33,9317403","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9317454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9317555","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9317676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:33,9317727","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:33,9317812","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:33,9317894","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,1000120","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 17004, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:34,5338022","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 26244"
"10:28:34,5803397","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 7520"
"10:28:34,5803730","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 24548"
"10:28:34,7130133","com.barraider.twitchtools.exe","36544","TCP Send","host.docker.internal:57022 -> ec2-52-32-254-227.us-west-2.compute.amazonaws.com:https","SUCCESS","Length: 35, startime: 51956985, endtime: 51957003, seqnum: 0, connid: 0"
"10:28:34,7972922","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,7973059","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,7973542","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,7973810","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,7973933","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,7974049","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,7974149","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,7974251","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,7974370","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,7974776","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,7974886","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,7975001","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,7975086","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,7975188","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,7975297","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,7975392","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,7975555","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,7975685","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,7975767","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,7975921","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,7976161","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,7976234","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,7976435","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,7976586","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,8602614","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,8602774","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,8602980","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,8603070","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,8603177","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,8603253","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,8603313","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,8603595","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,8603667","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,8603761","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,8603826","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,8603891","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,8603980","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,8604044","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,8604170","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,8604254","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,8604322","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,8604464","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,8604529","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,8604618","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9368096","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9368205","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9368409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9368612","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9368703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9368794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9368859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9368935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9369002","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9369412","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9369501","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9369583","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9369644","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9369725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9369811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9369921","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9370049","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9370143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9370208","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9370314","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9370553","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9370609","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9370708","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9370811","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9372158","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9372216","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9372317","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9372400","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9372462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9372531","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9372593","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9372659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9372719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9372943","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9373006","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9373073","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9373129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9373263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9373333","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9373398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9373489","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9373566","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9373621","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9373709","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9373833","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9373885","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9373976","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9374060","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9375124","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9375177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9375275","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9375353","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9375413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9375478","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9375538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9375606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9375685","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9375899","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9375961","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9376026","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9376082","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9376143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9376216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9376279","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9376373","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9376483","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9376536","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9376625","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9376748","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9376800","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9376889","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9376973","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9378037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9378091","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9378188","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9378291","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9378353","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9378419","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9378480","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9378551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9378610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9378826","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9378887","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9378954","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9379011","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9379072","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9379138","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9379201","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9379289","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9379367","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9379419","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9379505","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9379626","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9379678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9379765","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9379848","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9380898","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9380951","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9381054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9381131","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9381206","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9381272","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9381331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9381396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9381487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9381738","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9381806","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9381871","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9381935","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9382010","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9382086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9382156","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9382263","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9382347","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9382414","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9382508","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9382630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9382684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9382771","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9382854","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9383912","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9383965","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9384062","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9384139","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9384199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9384265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9384325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9384391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9384470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9384683","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9384745","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9384809","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9384867","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9384926","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9384993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9385056","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9385142","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9385221","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9385274","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9385363","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9385484","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9385538","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9385631","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9385714","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9386806","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9386860","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9386957","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9387035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9387095","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9387163","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9387223","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9387288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9387349","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9387561","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9387626","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9387691","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9387748","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9387808","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9387876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9387938","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9388027","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9388104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9388157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9388243","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9388364","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9388416","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9388502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9388585","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:34,9389641","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9389695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9389792","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:34,9389868","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9389932","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:34,9389998","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:34,9390066","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9390133","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:34,9390193","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:34,9390406","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9390469","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:34,9390533","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:34,9390590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:34,9390651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9390737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:34,9390800","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:34,9390887","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:34,9390966","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9391019","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9391107","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9391230","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:34,9391284","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:34,9391370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:34,9391499","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,8048975","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8049060","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,8049269","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,8049473","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,8049555","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,8049646","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,8049711","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,8049783","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,8049843","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,8050156","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8050226","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,8050305","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,8050365","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,8050431","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,8050503","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,8050566","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,8050676","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,8050762","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8050815","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,8050916","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,8051092","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8051144","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,8051240","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,8051333","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,8678552","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8678703","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,8678896","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,8678982","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,8679046","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,8679118","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,8679177","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,8679453","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8679523","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,8679609","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,8679670","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,8679733","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,8679802","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,8679862","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,8680031","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,8680117","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8680183","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,8680321","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,8680428","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,8680514","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9443081","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9443165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9443349","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9443535","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9443618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9443708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9443774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9443884","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9443946","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9444340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9444409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9444489","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9444550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9444619","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9444696","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9444760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9444873","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9444968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9445021","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9445122","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9445301","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9445352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9445476","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9445568","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9446866","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9446918","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9447023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9447109","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9447170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9447238","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9447297","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9447362","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9447421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9447643","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9447704","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9447769","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9447824","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9447884","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9447972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9448035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9448123","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9448206","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9448259","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9448351","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9448473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9448524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9448612","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9448695","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9449756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9449808","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9449903","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9450002","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9450062","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9450126","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9450185","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9450249","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9450308","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9450520","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9450584","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9450648","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9450704","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9450763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9450828","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9450890","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9450976","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9451053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9451104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9451190","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9451310","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9451361","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9451477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9451562","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9452617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9452669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9452770","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9452848","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9452906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9452972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9453030","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9453115","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9453174","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9453428","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9453502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9453566","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9453623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9453682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9453748","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9453809","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9453895","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9453971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9454024","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9454110","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9454233","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9454284","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9454373","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9454454","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9455510","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9455561","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9455654","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9455730","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9455788","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9455856","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9455914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9455977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9456035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9456249","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9456309","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9456370","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9456452","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9456512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9456579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9456640","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9456726","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9456805","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9456857","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9456942","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9457064","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9457115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9457200","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9457282","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9458341","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9458393","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9458511","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9458592","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9458651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9458715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9458774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9458836","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9458894","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9459112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9459173","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9459236","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9459291","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9459350","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9459414","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9459476","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9459561","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9459637","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9459688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9459774","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9459912","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9459963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9460047","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9460128","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9461175","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9461227","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9461321","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9461422","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9461485","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9461551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9461609","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9461691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9461750","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9461963","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9462023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9462087","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9462142","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9462201","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9462265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9462326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9462413","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9462489","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9462540","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9462624","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9462747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9462798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9462888","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9462986","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:35,9464037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9464116","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9464253","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:35,9464332","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9464390","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:35,9464454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:35,9464513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9464576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:35,9464634","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:35,9464846","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9464906","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:35,9464969","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:35,9465024","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:35,9465083","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9465148","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:35,9465244","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:35,9465331","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:35,9465409","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9465460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9465599","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9465719","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:35,9465770","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:35,9465857","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:35,9465940","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,0374536","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 26244, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:36,0839102","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 24548, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:36,7194112","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:36,7194326","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:24, LastWriteTime: 29.06.2022 10:28:24, ChangeTime: 29.06.2022 10:28:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:36,7194421","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:36,7195677","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:36,7195851","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:24, LastWriteTime: 29.06.2022 10:28:24, ChangeTime: 29.06.2022 10:28:24, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:36,7195934","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:36,7196731","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: 0, OpenResult: Opened"
"10:28:36,7197087","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 0, Length: 0, Priority: Normal"
"10:28:36,7197227","com.barraider.obstools.exe","7132","QueryStandardInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","AllocationSize: 143.360, EndOfFile: 142.576, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:28:36,7197332","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 142.576, Length: 79, Priority: Normal"
"10:28:36,7198237","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:36,8122963","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8123051","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,8123273","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,8123466","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,8123575","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,8123663","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,8123727","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,8123797","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,8123858","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,8124173","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8124246","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,8124322","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,8124383","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,8124451","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,8124526","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,8124589","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,8124708","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,8124801","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8124854","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,8124954","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,8125128","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8125180","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,8125276","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,8125385","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,8755101","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8755310","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,8755620","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,8755754","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,8755855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,8755958","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,8756090","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,8756483","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8756596","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,8756734","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,8756831","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,8756933","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,8757042","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,8757135","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,8757303","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,8757420","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8757533","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,8757743","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,8757848","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,8757973","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9517881","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9517974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9518233","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9518428","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9518523","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9518626","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9518701","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9518803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9518878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9519291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9519366","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9519445","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9519504","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9519576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9519650","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9519717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9519837","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9519933","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9519988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9520087","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9520261","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9520315","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9520455","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9520553","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9521864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9521919","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9522023","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9522109","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9522172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9522246","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9522308","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9522373","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9522433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9522659","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9522724","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9522789","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9522847","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9522907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9522995","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9523061","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9523153","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9523232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9523285","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9523375","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9523551","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9523609","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9523702","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9523786","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9524858","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9524910","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9525035","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9525117","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9525310","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9525378","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9525438","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9525503","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9525561","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9525783","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9525847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9525916","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9525971","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9526031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9526102","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9526164","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9526254","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9526335","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9526388","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9526502","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9526630","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9526682","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9526767","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9526849","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9527919","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9527971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9528069","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9528148","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9528207","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9528273","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9528331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9528415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9528474","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9528686","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9528749","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9528813","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9528869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9528930","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9528996","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9529059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9529144","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9529232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9529283","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9529370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9529506","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9529557","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9529644","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9529728","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9530789","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9530841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9530935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9531014","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9531074","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9531140","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9531198","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9531263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9531322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9531571","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9531636","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9531700","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9531756","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9531815","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9531881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9531943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9532028","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9532106","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9532162","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9532283","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9532414","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9532466","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9532555","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9532641","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9533715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9533768","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9533863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9533941","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9534001","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9534069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9534131","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9534197","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9534256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9534480","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9534544","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9534609","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9534666","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9534726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9534793","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9534860","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9534948","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9535025","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9535080","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9535172","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9535293","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9535344","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9535431","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9535515","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9536611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9536665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9536764","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9536865","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9536927","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9536993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9537052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9537135","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9537196","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9537410","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9537472","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9537537","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9537596","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9537656","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9537726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9537790","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9537879","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9537960","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9538013","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9538117","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9538240","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9538297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9538385","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9538468","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:36,9539527","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9539581","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9539677","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:36,9539754","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9539814","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:36,9539883","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:36,9539943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9540007","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:36,9540067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:36,9540276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9540339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:36,9540403","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:36,9540460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:36,9540520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9540589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:36,9540671","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:36,9540761","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:36,9540840","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9540892","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9540980","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9541135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:36,9541194","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:36,9541280","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:36,9541363","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,2306627","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:37,6028145","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 13496"
"10:28:37,6028804","com.barraider.supermacro.exe","35152","TCP Send","kubernetes.docker.internal:60489 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51957292, endtime: 51957292, seqnum: 0, connid: 0"
"10:28:37,6029903","com.barraider.supermacro.exe","35152","Thread Create","","SUCCESS","Thread ID: 17968"
"10:28:37,7421547","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:37,8198212","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8198329","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,8198595","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,8198832","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,8198945","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,8199062","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,8199151","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,8199252","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,8199325","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,8199793","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8199892","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,8200011","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,8200123","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,8200264","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,8200403","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,8200524","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,8200704","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,8200839","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8200922","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,8201066","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,8201310","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8201374","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,8201551","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,8201687","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,8828942","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8829112","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,8829300","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,8829383","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,8829445","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,8829539","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,8829596","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,8829862","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8829935","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,8830020","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,8830080","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,8830144","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,8830213","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,8830272","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,8830387","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,8830463","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8830529","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,8830662","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,8830724","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,8830807","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9592687","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9592778","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9592961","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9593144","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9593228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9593317","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9593382","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9593458","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9593518","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9593900","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9593975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9594054","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9594113","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9594181","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9594283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9594352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9594473","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9594568","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9594622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9594729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9594899","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9594953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9595045","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9595134","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9596385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9596473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9596575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9596926","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9597059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9597152","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9597219","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9597347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9597408","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9597807","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9597897","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9598005","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9598067","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9598135","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9598214","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9598281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9598387","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9598481","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9598538","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9598682","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9598877","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9598931","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9599032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9599130","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9600589","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9600644","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9600749","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9600842","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9600903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9600973","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9601033","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9601100","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9601159","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9601380","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9601482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9601551","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9601610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9601672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9601740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9601802","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9601890","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9601972","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9602025","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9602114","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9602245","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9602298","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9602409","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9602493","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9603567","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9603619","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9603761","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9603844","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9603905","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9603971","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9604030","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9604094","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9604153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9604370","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9604431","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9604494","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9604551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9604610","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9604677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9604741","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9604828","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9604906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9604959","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9605047","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9605172","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9605227","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9605315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9605399","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9606490","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9606542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9606641","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9606718","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9606777","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9606842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9606901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9606984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9607042","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9607257","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9607318","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9607381","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9607438","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9607498","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9607570","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9607630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9607718","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9607833","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9607893","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9607981","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9608104","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9608157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9608244","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9608328","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9609386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9609439","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9609537","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9609616","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9609677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9609743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9609802","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9609869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9609928","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9610139","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9610200","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9610265","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9610321","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9610384","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9610454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9610516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9610603","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9610681","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9610733","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9610819","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9610939","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9610991","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9611077","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9611160","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9612249","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9612302","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9612398","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9612476","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9612535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9612601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9612662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9612727","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9612786","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9612996","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9613055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9613120","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9613175","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9613235","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9613302","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9613387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9613474","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9613552","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9613606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9613695","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9613816","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9613867","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9613954","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9614036","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:37,9615088","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9615139","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9615236","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:37,9615349","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9615409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:37,9615475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:37,9615535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9615636","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:37,9615696","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:37,9615910","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9615971","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:37,9616036","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:37,9616093","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:37,9616153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9616218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:37,9616280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:37,9616368","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:37,9616475","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9616530","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9616616","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9616738","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:37,9616791","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:37,9616877","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:37,9616959","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,2536534","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:38,4707974","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 15716"
"10:28:38,5637967","com.barraider.voicemeeter.exe","8808","Thread Exit","","SUCCESS","Thread ID: 15976, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:38,7651582","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:38,7652483","com.barraider.obstools.exe","7132","TCP Disconnect","kubernetes.docker.internal:57872 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:38,7657144","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7659120","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7660034","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7660528","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7661232","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7665332","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7666218","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7666831","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7667569","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7668051","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7668462","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7668859","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7669261","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7669647","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7670053","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,7670442","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51957408, endtime: 51957408, seqnum: 0, connid: 0"
"10:28:38,8273075","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8273165","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,8273371","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,8273569","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,8273653","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,8273742","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,8273807","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,8273880","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,8273941","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,8274259","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8274329","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,8274405","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,8274465","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,8274532","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,8274607","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,8274671","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,8274786","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,8274883","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8274938","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,8275042","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,8275222","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8275274","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,8275368","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,8275462","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,8902298","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8902438","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,8902628","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,8902713","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,8902778","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,8902848","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,8902905","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,8903176","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8903246","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,8903331","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,8903392","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,8903454","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,8903526","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,8903622","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,8903746","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,8903823","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8903887","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,8904017","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,8904079","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,8904161","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9667665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9667788","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9668008","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9668242","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9668339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9668451","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9668530","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9668619","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9668695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9669120","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9669209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9669304","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9669377","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9669463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9669553","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9669635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9669767","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9669876","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9669941","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9670072","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9670274","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9670340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9670460","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9670574","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9672143","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9672210","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9672339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9672440","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9672517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9672602","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9672677","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9672781","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9672855","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9673128","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9673206","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9673287","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9673358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9673432","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9673513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9673591","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9673702","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9673801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9673865","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9674006","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9674157","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9674222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9674333","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9674436","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9675755","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9675820","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9675939","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9676035","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9676110","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9676191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9676263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9676342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9676448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9676715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9676791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9676869","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9676939","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9677012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9677104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9677178","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9677264","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9677340","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9677391","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9677476","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9677596","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9677649","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9677736","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9677817","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9678873","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9678925","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9679024","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9679101","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9679177","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9679242","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9679300","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9679364","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9679421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9679632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9679693","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9679756","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9679852","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9679927","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9679992","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9680057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9680144","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9680222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9680275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9680362","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9680482","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9680533","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9680617","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9680700","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9681785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9681838","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9681935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9682011","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9682073","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9682139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9682198","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9682280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9682339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9682549","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9682610","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9682674","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9682729","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9682788","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9682853","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9682914","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9683003","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9683079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9683130","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9683216","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9683338","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9683390","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9683477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9683572","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9684623","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9684675","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9684771","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9684847","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9684907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9684976","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9685035","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9685100","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9685161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9685367","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9685430","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9685492","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9685564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9685623","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9685689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9685751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9685837","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9685914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9685968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9686054","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9686173","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9686224","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9686309","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9686420","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9687482","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9687534","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9687628","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9687705","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9687763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9687827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9687887","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9687951","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9688009","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9688224","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9688283","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9688346","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9688401","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9688460","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9688525","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9688585","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9688673","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9688748","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9688799","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9688883","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9689001","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9689052","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9689137","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9689220","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:38,9690264","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9690316","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9690413","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:38,9690488","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9690581","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:38,9690652","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:38,9690712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9690798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:38,9690859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:38,9691070","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9691136","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:38,9691205","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:38,9691262","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:38,9691322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9691413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:38,9691479","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:38,9691624","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:38,9691705","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9691761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9691866","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9691989","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:38,9692042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:38,9692127","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:38,9692210","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,1063885","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 13496, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:39,8349161","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8349255","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,8349473","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,8349666","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,8349758","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,8349859","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,8349932","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,8350021","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,8350091","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,8350428","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8350511","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,8350604","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,8350675","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,8350753","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,8350839","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,8350916","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,8351043","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,8351145","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8351208","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,8351324","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,8351516","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8351577","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,8351686","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,8351854","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,8980158","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8980297","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,8980477","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,8980559","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,8980619","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,8980728","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,8980790","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,8981070","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8981142","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,8981224","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,8981284","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,8981348","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,8981417","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,8981477","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,8981595","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,8981675","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8981740","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,8981870","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,8981932","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,8982013","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9743766","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9743859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9744030","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9744174","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9744256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9744340","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9744470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9744543","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9744603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9744961","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9745032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9745105","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9745165","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9745227","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9745301","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9745368","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9745433","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 15716, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:39,9745478","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9745601","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9745682","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9745834","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9746011","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9746061","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9746153","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9746253","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9747460","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9747514","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9747610","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9747693","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9747949","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9748058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9748123","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9748237","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9748299","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9748640","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9748732","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9748845","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9748905","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9748970","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9749047","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9749116","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9749229","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9749319","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9749375","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9749495","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9749681","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9749733","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9749844","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9749936","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9751342","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9751395","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9751515","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9751608","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9751668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9751733","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9751793","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9751859","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9751916","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9752135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9752199","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9752268","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9752337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9752397","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9752463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9752524","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9752611","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9752720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9752774","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9752865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9752987","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9753037","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9753123","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9753205","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9754297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9754354","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9754462","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9754545","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9754605","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9754673","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9754731","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9754794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9754852","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9755065","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9755126","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9755190","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9755246","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9755305","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9755372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9755434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9755520","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9755595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9755648","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9755733","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9755854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9755906","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9755993","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9756076","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9757103","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9757154","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9757265","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9757342","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9757403","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9757466","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9757527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9757606","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9757664","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9757904","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9757968","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9758032","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9758087","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9758146","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9758212","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9758273","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9758358","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9758441","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9758492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9758577","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9758697","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9758747","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9758831","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9758911","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9759942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9759994","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9760090","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9760166","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9760223","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9760287","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9760345","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9760408","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9760466","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9760670","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9760729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9760791","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9760846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9760904","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9760970","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9761031","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9761124","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9761201","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9761253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9761342","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9761461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9761512","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9761598","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9761678","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9762725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9762782","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9762879","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9762975","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9763034","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9763098","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9763156","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9763220","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9763277","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9763485","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9763545","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9763607","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9763662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9763720","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9763784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9763878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9763963","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9764048","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9764100","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9764211","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9764334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9764385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9764471","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9764550","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:39,9765585","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9765636","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9765730","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:39,9765808","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9765866","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:39,9765929","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:39,9765987","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9766069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:39,9766127","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:39,9766334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9766395","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:39,9766457","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:39,9766512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:39,9766570","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9766635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:39,9766695","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:39,9766782","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:39,9766859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9766914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9766997","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9767136","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:39,9767186","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:39,9767272","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:39,9767353","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,5328988","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 6184, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:40,8431511","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,8431606","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,8431782","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,8431939","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,8432031","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,8432125","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,8432200","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,8432286","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,8432360","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,8432661","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,8432745","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,8432837","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,8432909","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,8432987","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,8433075","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,8433153","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,8433285","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,8433410","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,8433468","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,8433594","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,8433796","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,8433857","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,8433957","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,8434055","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9058335","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9058476","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9058658","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9058739","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9058801","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9058907","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9058972","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9059263","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9059331","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9059414","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9059473","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9059533","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9059602","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9059659","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9059775","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9059852","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9059914","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9060056","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9060117","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9060196","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9824504","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9824597","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9824774","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9824938","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9825033","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9825129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9825196","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9825280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9825355","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9825720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9825791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9825864","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9825923","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9825989","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9826086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9826153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9826257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9826346","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9826398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9826511","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9826676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9826729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9826819","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9826922","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9828135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9828246","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9828348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9828429","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9828489","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9828555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9828633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9828702","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9828761","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9828974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9829034","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9829097","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9829153","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9829213","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9829278","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9829339","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9829427","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9829502","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9829555","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9829641","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9829765","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9829815","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9829901","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9829983","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9831026","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9831078","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9831176","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9831254","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9831326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9831391","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9831448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9831513","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9831571","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9831779","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9831840","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9831902","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9831956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9832015","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9832079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9832139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9832223","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9832299","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9832349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9832434","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9832552","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9832603","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9832687","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9832768","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9834581","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9834664","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9834847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9835068","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9835154","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9835240","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9835313","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9835385","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9835448","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9835793","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9835863","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9835947","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9836011","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9836079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9836154","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9836218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9836333","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9836420","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9836473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9836570","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9836736","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9836788","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9836881","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9836972","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9838041","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9838095","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9838270","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9838364","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9838426","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9838494","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9838592","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9838659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9838718","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9838945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9839009","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9839074","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9839130","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9839190","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9839256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9839319","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9839410","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9839489","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9839542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9839632","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9839757","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9839810","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9839902","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9839987","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9841049","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9841101","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9841213","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9841292","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9841352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9841418","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9841477","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9841542","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9841600","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9841809","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9841869","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9841931","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9841986","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9842045","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9842111","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9842173","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9842258","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9842334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9842384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9842469","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9842587","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9842636","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9842721","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9842805","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9843918","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9843971","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9844067","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9844146","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9844207","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9844272","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9844331","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9844396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9844454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9844669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9844729","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9844792","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9844846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9844903","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9844969","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9845052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9845137","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9845250","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9845311","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9845404","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9845539","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9845606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9845707","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9845790","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:40,9846835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9846887","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9846982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:40,9847062","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9847122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:40,9847186","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:40,9847263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9847328","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:40,9847387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:40,9847600","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9847663","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:40,9847726","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:40,9847784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:40,9847842","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9847907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:40,9847969","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:40,9848056","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:40,9848144","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9848238","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9848334","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9848461","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:40,9848513","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:40,9848597","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:40,9848680","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:41,7111308","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 14720, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:41,7111991","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 4216, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:41,8506085","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,8506171","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:41,8506351","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:41,8506532","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,8506616","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:41,8506708","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:41,8506777","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,8506854","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:41,8506919","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,8507222","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,8507298","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:41,8507383","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,8507449","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:41,8507520","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,8507598","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:41,8507665","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,8507782","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:41,8507876","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,8507934","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:41,8508041","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:41,8508221","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,8508277","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:41,8508379","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:41,8508476","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:41,9135710","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9135851","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:41,9136030","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:41,9136146","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:41,9136209","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,9136282","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:41,9136339","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,9136600","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9136669","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:41,9136752","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,9136812","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:41,9136873","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,9136940","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:41,9136998","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,9137120","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:41,9137196","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9137263","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:41,9137406","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9137468","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:41,9137548","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:41,9900696","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9900778","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:41,9900964","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:41,9901138","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,9901216","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:41,9901300","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:41,9901362","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,9901434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:41,9901496","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:41,9901861","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:41,9901931","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:41,9902007","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:41,9902065","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:41,9902133","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,9902206","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:41,9902270","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:41,9902382","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:41,9902471","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Han

barraiderRegistryAccess.html