At 4:11 AM, the stub fired.
Then the real handshake began.
She opened it in a hex editor. It wasn't machine code. It was a journal—entries from 2003, 2011, 2019—each signed with a different sysadmin’s key. All of them had worked her job before her. All of them had seen the same error. advapi64.dll
She traced the caller: a hidden service named EventCollator.exe , timestamped the day she was born. It lived in a folder with no permissions, no owner—just a single log entry: > LoadLibrary("advapi64.dll") → FAIL At 4:11 AM, the stub fired