Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
BarRaider Stream Deck Extensions Registry Access (analyzed with Sysinternals Process Monitor)
We can't make this file beautiful and searchable because it's too large.
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:28:19,8254308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8254382","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8254501","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8254559","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8254618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8254687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8254775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8254865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8254944","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8254999","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8255088","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8255213","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8255266","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8255356","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8255438","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8256541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8256605","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8256719","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8256807","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8256876","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8256984","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8257053","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8257122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8257182","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8257394","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8257454","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8257516","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8257574","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8257635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8257714","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8257778","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8257865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8257944","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8257997","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8258113","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8258256","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8258310","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8258400","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8258483","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8259533","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8259590","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8259690","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8259774","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8259835","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8259901","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8259960","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8260027","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8260160","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8260528","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8260619","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8260721","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8260797","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8260860","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8260931","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8260997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8261097","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8261190","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8261247","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8261355","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8261542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8261595","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8261697","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8261824","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8262953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8263007","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8263112","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8263199","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8263265","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8263334","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8263396","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8263462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8263521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8263744","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8263812","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8263912","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8263977","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8264037","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8264106","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8264169","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8264257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8264334","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8264392","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8264482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8264606","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8264659","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8264766","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8264864","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,8265915","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8265968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8266064","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:19,8266146","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8266205","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:19,8266292","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:19,8266352","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8266449","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:19,8266517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:19,8266769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8266835","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:19,8266900","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:19,8266956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:19,8267015","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8267081","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:19,8267146","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:19,8267236","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:19,8267312","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8267364","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8267451","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8267574","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:19,8267632","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:19,8267718","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:19,8267801","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:19,9484491","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 1960, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:20,6923744","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6923851","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6924067","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,6924287","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,6924368","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,6924459","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,6924563","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,6924647","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,6924708","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,6925052","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6925124","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,6925218","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,6925282","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,6925354","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,6925432","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,6925502","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,6925630","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,6925747","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6925804","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6925916","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,6926099","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,6926157","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,6926256","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,6926356","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,7543420","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 33972, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:20,7555317","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7555461","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,7555650","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,7555733","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,7555795","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,7555869","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,7555929","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,7556181","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7556252","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,7556342","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,7556432","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,7556499","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,7556609","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,7556674","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,7556797","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,7556876","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7556944","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,7557081","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,7557144","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,7557227","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8317865","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8317964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8318171","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8318416","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8318505","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8318595","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8318659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8318736","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8318798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8319188","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8319261","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8319342","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8319402","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8319469","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8319554","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8319618","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8319738","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8319829","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8319883","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8319982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8320160","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8320212","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8320307","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8320398","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8321701","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8321756","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8321857","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8321941","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8322003","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8322069","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8322129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8322195","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8322253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8322473","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8322535","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8322599","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8322655","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8322717","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8322784","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8322847","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8322935","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8323012","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8323065","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8323154","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8323275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8323327","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8323414","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8323497","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8324556","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8324608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8324703","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8324781","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8324840","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8324951","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8325039","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8325109","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8325167","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8325383","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8325445","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8325511","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8325566","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8325625","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8325692","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8325755","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8325839","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8325917","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8325968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8326062","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8326204","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8326260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8326369","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8326499","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8327564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8327616","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8327711","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8327789","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8327849","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8327920","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8327979","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8328044","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8328104","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8328315","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8328376","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8328440","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8328497","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8328556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8328622","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8328683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8328771","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8328854","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8328905","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8328990","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8329110","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8329163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8329249","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8329332","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8330384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8330436","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8330549","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8330625","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8330689","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8330754","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8330814","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8330877","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8330936","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8331148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8331209","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8331272","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8331328","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8331415","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8331484","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8331546","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8331633","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8331710","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8331761","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8331847","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8331969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8332020","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8332105","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8332202","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8333260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8333313","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8333407","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8333484","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8333545","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8333609","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8333687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8333752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8333810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8334020","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334080","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8334143","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8334199","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8334259","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8334325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8334404","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8334491","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8334569","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8334710","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8334887","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8334942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8335032","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8335115","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8336219","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8336272","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8336366","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8336475","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8336535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8336601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8336661","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8336726","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8336787","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8337002","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337067","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8337132","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8337188","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8337248","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8337315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8337377","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8337464","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8337541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337594","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8337701","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8337831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8337884","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8337985","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8338069","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:20,8339126","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8339179","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8339273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:20,8339351","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8339410","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:20,8339476","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:20,8339536","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8339603","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:20,8339662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:20,8339872","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8339934","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:20,8339996","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:20,8340052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:20,8340112","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8340178","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:20,8340239","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:20,8340325","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:20,8340402","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8340454","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8340539","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8340658","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:20,8340715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:20,8340802","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:20,8340884","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,6998615","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,6998725","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,6998898","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,6999087","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,6999191","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,6999453","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,6999642","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,6999762","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,6999827","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7000207","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7000299","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,7000417","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,7000488","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,7000560","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7000651","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,7000730","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7000931","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,7001264","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7001353","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,7001550","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7001840","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7001893","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,7002000","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7002140","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,7628686","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7628853","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,7629037","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,7629130","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,7629195","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7629267","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,7629326","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,7629603","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7629680","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,7629781","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,7629977","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,7630043","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7630141","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,7630201","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,7630316","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,7630426","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7630503","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7630646","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,7630720","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,7630823","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8392835","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8392929","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8393124","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8393316","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8393410","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8393512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8393588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8393675","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8393749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8394163","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8394245","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8394335","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8394433","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8394514","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8394601","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8394681","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8394814","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8394920","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8394986","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8395109","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8395308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8395399","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8395517","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8395633","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8397161","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8397246","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8397384","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8397487","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8397563","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8397646","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8397719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8397799","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8397871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8398144","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8398219","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8398298","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8398367","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8398439","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8398522","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8398596","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8398707","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8398801","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8398864","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8398988","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8399137","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8399200","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8399319","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8399422","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8400729","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8400792","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8400908","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8401057","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8401132","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8401212","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8401304","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8401542","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8401760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8402242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8402334","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8402455","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8402520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8402588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8402668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8402734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8402849","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8402945","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8403004","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8403134","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8403333","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8403386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8403482","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8403577","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8404997","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8405054","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8405181","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8405284","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8405363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8405436","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8405511","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8405590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8405651","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8405874","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8405938","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8406004","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8406059","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8406118","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8406186","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8406247","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8406334","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8406445","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8406503","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8406600","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8406725","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8406777","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8406865","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8406948","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8408147","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8408218","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8408373","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8408483","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8408588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8408672","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8408749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8408821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8408879","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8409115","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409178","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8409245","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8409305","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8409363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8409430","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8409493","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8409581","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8409660","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409710","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8409798","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8409924","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8409975","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8410059","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8410141","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8411222","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8411275","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8411370","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8411504","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8411564","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8411630","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8411705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8411770","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8411827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8412042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8412104","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8412169","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8412226","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8412284","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8412349","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8412409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8412496","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8412611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8412669","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8412784","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8412953","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8413030","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8413150","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8413263","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8414443","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8414499","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8414606","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8414692","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8414752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8414820","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8414878","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8414941","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8414999","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8415232","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8415293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8415356","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8415413","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8415496","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8415562","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8415622","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8415711","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8415790","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8415841","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8415927","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8416051","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8416102","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8416185","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8416267","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:21,8417361","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8417413","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8417509","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:21,8417586","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8417645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:21,8417708","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:21,8417767","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8417830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:21,8417889","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:21,8418099","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418158","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:21,8418220","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:21,8418274","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:21,8418332","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8418398","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:21,8418461","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:21,8418545","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:21,8418622","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418673","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8418758","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8418876","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:21,8418927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:21,8419010","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:21,8419091","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,0408484","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 28164, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:22,7072988","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7073152","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7073457","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,7073693","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7073801","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,7073938","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,7074002","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7074074","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,7074136","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7074521","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7074751","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,7074892","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7074982","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,7075062","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7075194","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,7075272","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7075407","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,7075522","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7075579","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7075710","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7075924","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7075988","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,7076096","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7076224","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,7703530","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7703673","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,7703855","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,7703958","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,7704055","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7704137","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,7704197","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,7704493","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7704562","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,7704652","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,7704713","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,7704777","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7704849","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,7704912","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,7705029","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,7705109","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7705172","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7705318","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,7705380","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,7705489","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8467692","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8467817","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8468030","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8468276","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8468368","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8468463","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8468535","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8468612","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8468725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8469276","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8469360","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8469452","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8469662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8469742","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8469826","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8469899","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8470057","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8470168","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8470230","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8470339","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8470527","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8470587","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8470690","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8470795","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8472226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8472308","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8472426","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8472518","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8472583","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8472657","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8472722","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8472795","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8472861","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8473112","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8473180","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8473250","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8473311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8473389","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8473461","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8473527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8473622","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8473706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8473763","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8473862","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8474008","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8474059","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8474144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8474226","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8475297","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8475349","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8475446","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8475521","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8475579","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8475725","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8475785","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8475848","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8475906","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8476122","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8476187","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8476253","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8476311","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8476372","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8476470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8476538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8476627","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8476706","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8476758","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8476933","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8477060","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8477113","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8477199","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8477281","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8478331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8478524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8478638","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8478723","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8478833","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8478900","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8478958","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8479029","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8479086","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8479309","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8479402","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8479471","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8479529","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8479587","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8479653","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8479721","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8479815","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8479896","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8479976","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8480070","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8480196","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8480253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8480343","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8480427","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8481515","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8481570","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8481667","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8481752","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8481821","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8481888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8481948","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8482010","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8482070","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8482289","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8482356","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8482420","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8482475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8482532","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8482598","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8482659","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8482750","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8482827","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8482879","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8482965","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8483090","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8483145","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8483228","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8483331","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8484421","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8484476","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8484569","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8484646","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8484705","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8484787","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8484846","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8484909","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8484968","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8485177","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8485241","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8485305","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8485373","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8485432","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8485499","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8485566","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8485656","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8485731","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8485786","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8485871","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8485989","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8486042","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8486128","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8486209","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8487271","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8487325","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8487422","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8487501","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8487559","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8487624","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8487683","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8487746","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8487803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8488052","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488119","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8488183","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8488256","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8488315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8488406","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8488469","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8488559","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8488643","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488704","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8488792","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8488914","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8488964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8489055","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8489136","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:22,8490172","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8490226","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8490319","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:22,8490394","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8490453","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:22,8490521","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:22,8490582","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8490645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:22,8490703","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:22,8490913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8490975","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:22,8491048","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:22,8491110","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:22,8491170","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8491236","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:22,8491296","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:22,8491411","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:22,8491491","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8491543","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8491629","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8491755","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:22,8491807","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:22,8491911","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:22,8491993","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,4512698","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 4744"
"10:28:23,5598458","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 18948"
"10:28:23,5598757","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 10116"
"10:28:23,5601506","com.barraider.voicemeeter.exe","8808","TCP Send","kubernetes.docker.internal:60488 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51955887, endtime: 51955887, seqnum: 0, connid: 0"
"10:28:23,5602286","com.barraider.voicemeeter.exe","8808","Thread Create","","SUCCESS","Thread ID: 2900"
"10:28:23,7148484","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7148672","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7148946","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,7149188","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7149309","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,7149460","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,7149550","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7149667","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,7149759","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7150187","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7150298","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,7150419","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7150513","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,7150621","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7150749","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,7150845","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7151012","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,7151241","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7151515","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7151704","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7152040","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7152096","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,7152196","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7152333","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,7778981","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7779112","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,7779289","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,7779419","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,7779516","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7779596","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,7779656","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,7779939","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780010","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,7780092","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,7780154","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,7780216","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7780311","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,7780371","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,7780494","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,7780575","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780639","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7780770","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,7780834","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,7780932","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8542996","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8543125","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8543401","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8543649","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8543774","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8543907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8543996","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8544096","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8544183","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8544676","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8544795","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8544922","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8545013","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8545118","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8545229","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8545322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8545487","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8545613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8545688","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8545860","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8546094","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8546169","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8546313","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8546490","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8548130","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8548219","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8548400","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8548535","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8548633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8548737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8548825","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8548923","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8549012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8549352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8549450","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8549551","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8549638","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8549740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8549841","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8549929","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8550063","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8550180","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8550257","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8550396","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8550583","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8550662","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8550797","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8550931","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8552415","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8552492","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8552650","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8552788","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8552882","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8553013","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8553122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8553220","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8553325","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8553685","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8553787","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8553889","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8553972","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8554063","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8554165","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8554257","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8554400","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8554523","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8554611","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8554753","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8554938","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8555015","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8555203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8555354","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8556848","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8556927","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8557084","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8557235","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8557326","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8557422","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8557505","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8557598","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8557681","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8558003","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8558106","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8558205","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8558289","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8558376","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8558470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8558556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8558690","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8558810","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8558895","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8559038","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8559223","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8559300","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8559433","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8559567","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8561019","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8561107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8561259","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8561412","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8561512","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8561611","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8561697","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8561798","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8561888","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8562228","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8562327","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8562434","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8562516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8562607","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8562710","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8562801","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8562941","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8563060","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8563141","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8563274","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8563486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8563564","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8563722","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8563868","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8565324","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8565405","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8565563","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8565687","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8565783","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8565899","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8565988","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8566085","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8566174","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8566535","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8566642","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8566747","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8566839","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8566948","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8567052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8567138","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8567273","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8567402","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8567484","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8567632","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8567822","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8567905","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8568039","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8568176","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8569633","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8569717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8569868","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8570002","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8570091","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8570195","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8570280","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8570374","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8570459","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8570777","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8570872","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8570970","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8571097","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8571191","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8571297","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8571417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8571561","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8571678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8571763","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8571904","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8572090","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8572169","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8572303","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8572441","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:23,8573913","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8573992","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8574156","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:23,8574280","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8574369","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:23,8574462","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:23,8574550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8574649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:23,8574734","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:23,8575053","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8575157","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:23,8575263","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:23,8575354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:23,8575446","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8575550","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:23,8575645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:23,8575779","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:23,8575894","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8575980","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8576120","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8576316","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:23,8576434","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:23,8576579","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:23,8576732","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,6603992","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:24,6604205","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:12, LastWriteTime: 29.06.2022 10:28:12, ChangeTime: 29.06.2022 10:28:12, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:24,6604284","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,6605348","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened"
"10:28:24,6605657","com.barraider.obstools.exe","7132","QueryNetworkOpenInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","CreationTime: 29.06.2022 00:01:39, LastAccessTime: 29.06.2022 10:28:12, LastWriteTime: 29.06.2022 10:28:12, ChangeTime: 29.06.2022 10:28:12, AllocationSize: 01.01.1601 02:00:00, EndOfFile: 01.01.1601 02:00:00, FileAttributes: A"
"10:28:24,6605762","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,6606802","com.barraider.obstools.exe","7132","CreateFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Delete, AllocationSize: 0, OpenResult: Opened"
"10:28:24,6607156","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 0, Length: 0, Priority: Normal"
"10:28:24,6607340","com.barraider.obstools.exe","7132","QueryStandardInformationFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","AllocationSize: 143.360, EndOfFile: 142.497, NumberOfLinks: 1, DeletePending: False, Directory: False"
"10:28:24,6607446","com.barraider.obstools.exe","7132","WriteFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS","Offset: 142.497, Length: 79, Priority: Normal"
"10:28:24,6608559","com.barraider.obstools.exe","7132","CloseFile","C:\Users\Jaid\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\pluginlog.log","SUCCESS",""
"10:28:24,7222924","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7223008","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7223198","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,7223387","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7223466","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,7223548","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,7223609","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7223679","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,7223740","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7224043","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7224112","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,7224186","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7224243","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,7224308","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7224378","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,7224441","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7224550","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,7224639","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7224690","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7224786","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7224964","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7225014","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,7225103","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7225193","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,7853050","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7853200","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,7853391","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,7853503","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,7853565","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7853637","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,7853696","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,7853970","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854040","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,7854127","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,7854187","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,7854249","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7854319","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,7854400","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,7854519","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,7854595","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854660","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7854803","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,7854867","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,7854950","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8617515","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8617605","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8617790","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8617972","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8618052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8618141","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8618209","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8618290","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8618350","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8618734","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8618805","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8618881","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8618978","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8619054","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8619129","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8619194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8619310","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8619399","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8619451","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8619577","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8619746","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8619797","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8619891","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8619984","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8621197","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8621252","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8621353","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8621467","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8621527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8621615","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8621674","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8621738","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8621796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8622014","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622075","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8622140","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8622194","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8622253","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8622322","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8622382","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8622467","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8622542","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622592","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8622678","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8622798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8622849","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8622932","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8623012","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8624057","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8624108","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8624203","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8624277","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8624334","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8624397","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8624454","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8624517","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8624573","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8624781","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8624843","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8624905","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8624959","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8625018","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8625083","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8625143","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8625225","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8625301","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8625352","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8625434","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8625567","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8625617","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8625702","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8625787","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8627097","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8627165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8627320","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8627435","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8627518","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8627589","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8627649","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8627716","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8627775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8628035","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628101","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8628170","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8628227","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8628288","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8628354","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8628417","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8628518","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8628599","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628651","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8628744","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8628882","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8628932","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8629020","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8629106","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8630156","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8630206","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8630300","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8630380","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8630472","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8630555","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8630617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8630682","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8630740","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8630964","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631024","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8631088","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8631159","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8631218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8631282","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8631342","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8631457","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8631535","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631586","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8631672","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8631793","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8631843","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8631926","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8632011","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8633148","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8633199","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8633293","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8633368","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8633426","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8633489","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8633546","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8633611","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8633668","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8633875","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8633935","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8633996","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8634051","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8634109","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8634172","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8634231","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8634316","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8634397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8634452","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8634543","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8634665","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8634715","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8634802","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8634888","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8635942","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8635992","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8636101","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8636178","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8636235","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8636298","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8636355","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8636447","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8636506","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8636720","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8636779","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8636843","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8636898","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8636956","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8637021","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8637081","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8637166","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8637242","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8637291","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8637374","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8637491","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8637541","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8637624","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8637705","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,8638764","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8638814","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8638906","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:24,8639000","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8639058","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:24,8639136","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:24,8639193","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8639255","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:24,8639312","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:24,8639516","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8639575","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:24,8639637","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:24,8639691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:24,8639749","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8639812","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:24,8639871","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:24,8639954","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:24,8640028","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8640079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8640196","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8640328","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:24,8640379","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:24,8640477","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:24,8640563","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:24,9548917","com.barraider.obstools.exe","7132","Thread Exit","","SUCCESS","Thread ID: 4744, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,0633995","com.barraider.voicemeeter.exe","8808","Thread Exit","","SUCCESS","Thread ID: 10116, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,1562619","com.barraider.supermacro.exe","35152","Thread Exit","","SUCCESS","Thread ID: 34356, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:25,1716748","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:25,5282649","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 30620"
"10:28:25,5283047","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 16784"
"10:28:25,5285594","com.barraider.twitchtools.exe","36544","TCP Send","kubernetes.docker.internal:60487 -> kubernetes.docker.internal:28196","SUCCESS","Length: 6, startime: 51956084, endtime: 51956084, seqnum: 0, connid: 0"
"10:28:25,5286857","com.barraider.twitchtools.exe","36544","Thread Create","","SUCCESS","Thread ID: 8000"
"10:28:25,6911649","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:25,7297923","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7298011","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7298191","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,7298381","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7298478","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,7298592","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,7298796","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7299155","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,7299228","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7299632","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7299744","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,7299879","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7299943","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,7300011","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7300092","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,7300159","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7300280","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,7300553","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7300627","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7300770","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7301033","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7301090","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,7301215","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7301346","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,7927386","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7927516","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,7927690","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,7927772","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,7927844","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7927946","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,7928004","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,7928273","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7928348","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,7928509","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,7928578","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,7928641","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7928711","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,7928771","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,7928888","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,7928983","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7929051","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7929220","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,7929284","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,7929373","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8692551","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8692644","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8692854","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8693052","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8693161","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8693254","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8693320","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8693499","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8693794","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8694303","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8694405","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8694530","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8694597","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8694664","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8694744","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8694813","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8694940","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8695034","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8695098","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8695222","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8695419","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8695486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8695620","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8695721","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8697165","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8697253","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8697365","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8697479","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8697544","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8697625","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8697687","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8697765","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8697827","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8698059","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698129","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8698199","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8698257","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8698315","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8698381","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8698443","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8698536","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8698618","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698678","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8698776","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8698902","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8698960","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8699049","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8699134","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8700198","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8700255","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8700355","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8700442","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8700516","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8700584","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8700658","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8700737","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8700796","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8701011","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8701076","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8701143","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8701218","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8701279","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8701345","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8701435","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8701524","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8701613","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8701716","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8701833","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8701969","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8702066","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8702164","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8702254","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8703314","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8703381","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8703483","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8703562","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8703633","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8703699","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8703758","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8703830","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8703917","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8704134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8704198","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8704300","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8704360","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8704421","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8704487","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8704556","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8704684","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8704764","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8704816","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8704908","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8705031","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8705083","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8705169","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8705272","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8706322","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8706406","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8706505","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8706619","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8706684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8706752","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8706811","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8706875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8706943","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8707159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8707226","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8707298","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8707363","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8707423","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8707490","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8707551","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8707637","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8707717","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8707769","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8707864","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8707988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8708075","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8708167","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8708257","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8709337","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8709398","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8709495","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8709575","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8709635","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8709701","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8709760","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8709835","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8709894","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8710113","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8710187","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8710278","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8710366","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8710434","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8710533","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8710662","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8710758","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8710837","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8710891","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8710982","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8711111","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8711164","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8711258","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8711341","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8712425","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8712481","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8712583","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8712664","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8712763","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8712833","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8712891","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8712961","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8713037","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8713256","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8713326","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8713393","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8713450","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8713509","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8713576","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8713638","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8713723","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8713803","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8713859","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8713956","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8714079","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8714134","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8714239","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8714326","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:25,8715386","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8715557","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8715662","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:25,8715741","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8715803","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:25,8715868","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:25,8715928","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8715993","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:25,8716052","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:25,8716263","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8716358","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:25,8716483","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:25,8716549","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:25,8716613","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8716680","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:25,8716804","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:25,8717007","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:25,8717131","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8717198","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8717315","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8717486","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:25,8717539","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:25,8717705","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:25,8717820","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,2041656","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7086508","com.barraider.obstools.exe","7132","TCP Reconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7087140","com.barraider.obstools.exe","7132","TCP Disconnect","kubernetes.docker.internal:57852 -> kubernetes.docker.internal:4444","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:28:26,7091792","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7092801","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 6800"
"10:28:26,7093367","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 14720"
"10:28:26,7095002","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7095672","com.barraider.obstools.exe","7132","Thread Create","","SUCCESS","Thread ID: 4216"
"10:28:26,7096098","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7096887","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7097331","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7097795","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7098200","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7098642","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 193, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099076","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099504","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7099905","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7100328","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7100767","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7101164","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7101584","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7102054","com.barraider.obstools.exe","7132","TCP Send","kubernetes.docker.internal:60490 -> kubernetes.docker.internal:28196","SUCCESS","Length: 107, startime: 51956202, endtime: 51956202, seqnum: 0, connid: 0"
"10:28:26,7373098","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7373262","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7373525","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,7373749","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,7373856","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,7373969","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,7374058","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,7374153","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,7374231","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,7374589","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7374678","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,7374778","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,7374859","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,7375079","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,7375194","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,7375276","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,7375427","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,7375592","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7375667","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7375797","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,7376024","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,7376099","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,7376223","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,7376352","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8002355","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8002487","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8002690","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8002772","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8002831","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8002905","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8002962","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8003210","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8003279","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8003357","com.barraider.twitchtools.exe","36544","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8003417","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8003496","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8003564","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8003623","com.barraider.twitchtools.exe","36544","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8003729","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8003807","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8003869","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8004005","com.barraider.twitchtools.exe","36544","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8004066","com.barraider.twitchtools.exe","36544","RegOpenKey","HKLM\Software\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8004146","com.barraider.twitchtools.exe","36544","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8767684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8767785","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8767994","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8768198","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8768281","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8768387","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8768455","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8768527","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8768588","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8768974","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8769098","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8769203","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8769269","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8769337","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8769411","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8769488","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8769631","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8769745","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8769832","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8769949","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8770135","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8770189","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8770284","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8770379","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8771684","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8771743","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8771864","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8771949","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8772012","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8772079","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8772139","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8772204","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8772282","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8772508","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8772570","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8772635","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8772691","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8772751","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8772819","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8772881","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8772968","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8773047","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8773100","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8773204","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8773331","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8773384","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8773473","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8773556","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8774640","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8774695","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8774791","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8774871","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8774933","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8774997","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8775057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8775122","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8775181","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8775397","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8775458","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8775523","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8775586","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8775645","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8775718","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8775779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8775865","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8775949","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8776001","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8776088","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8776209","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8776260","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8776349","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8776463","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8777525","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8777577","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8777671","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8777751","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8777810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8777875","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8777934","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8777999","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8778057","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8778270","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8778330","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8778394","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8778450","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8778508","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8778575","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8778637","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8778722","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8778798","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8778850","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8778936","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8779056","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8779107","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8779197","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8779283","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8780360","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8780413","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8780560","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8780647","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8780712","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8780779","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8780840","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8780907","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8780983","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8781197","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8781258","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8781323","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8781407","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8781470","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8781538","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8781600","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8781687","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8781765","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8781818","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8781905","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8782044","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8782096","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8782183","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8782270","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8783332","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8783385","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8783480","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8783557","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8783617","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8783684","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8783743","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8783810","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8783869","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8784082","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784144","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8784207","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8784263","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8784343","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8784412","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8784475","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8784562","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8784639","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784692","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8784778","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8784898","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8784951","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8785052","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8785135","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8786196","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8786247","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8786348","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8786458","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8786520","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8786590","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8786650","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8786715","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8786775","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8786988","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787049","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8787113","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8787168","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8787228","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8787295","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8787358","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8787444","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8787524","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787575","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8787683","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8787804","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8787856","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8787965","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8788049","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:26,8789105","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8789159","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8789273","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:26,8789350","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8789409","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:26,8789482","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:26,8789557","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8789632","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:26,8789719","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:26,8789968","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790033","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:26,8790099","com.barraider.obstools.exe","7132","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:26,8790155","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:26,8790215","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8790283","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:26,8790347","com.barraider.obstools.exe","7132","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:26,8790470","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:26,8790553","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790608","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8790710","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\Offload","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8790831","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:26,8790897","com.barraider.obstools.exe","7132","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:26,8790997","com.barraider.obstools.exe","7132","RegOpenKey","HKLM\Software\WOW6432Node\Microsoft\Cryptography\DESHashSessionKeyBackward","NAME NOT FOUND","Desired Access: Read"
"10:28:26,8791082","com.barraider.obstools.exe","7132","RegCloseKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS",""
"10:28:27,0322869","com.barraider.twitchtools.exe","36544","Thread Exit","","SUCCESS","Thread ID: 16784, User Time: 0.0000000, Kernel Time: 0.0000000"
"10:28:27,7448185","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7448276","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,7448476","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","Desired Access: Read"
"10:28:27,7448676","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,7448770","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Type","SUCCESS","Type: REG_DWORD, Length: 4, Data: <REDACTED>"
"10:28:27,7448860","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 12"
"10:28:27,7448923","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,7448994","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","BUFFER OVERFLOW","Length: 45"
"10:28:27,7449055","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Enhanced RSA and AES Cryptographic Provider\Image Path","SUCCESS","Type: REG_SZ, Length: 66, Data: <REDACTED>"
"10:28:27,7449387","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7449472","com.barraider.supermacro.exe","35152","RegOpenKey","HKLM\Software\Microsoft\Cryptography","SUCCESS","Desired Access: Read"
"10:28:27,7449577","com.barraider.supermacro.exe","35152","RegSetInfoKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"10:28:27,7449652","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 12"
"10:28:27,7449724","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,7449799","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","BUFFER OVERFLOW","Length: 49"
"10:28:27,7449879","com.barraider.supermacro.exe","35152","RegQueryValue","HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid","SUCCESS","Type: REG_SZ, Length: 74, Data: <REDACTED>"
"10:28:27,7450020","com.barraider.supermacro.exe","35152","RegCloseKey","HKLM\SOFTWARE\Microsoft\Cryptography","SUCCESS",""
"10:28:27,7450118","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"10:28:27,7450179","com.barraider.supermacro.exe","35152","RegQueryKey","HKLM","SUCCESS","Query: Name"
"10:28:27,7450281","com.barraider.supermacro.exe","35152&q