今天下午安装了Teamviewer最新版本,安装的时候选的是个人使用非商业版本 。等我使用玩之后发现弹出了个窗口
然后利用任务管理器发现居然是“mshta.exe”这个进程,,
然后利用火绒剑监测出如下这些信息,求大神怎么破!!!!
22:50:49:697, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\KnownClasses, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:413, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:413, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization, type:0x00000001 datalen:16 data:'4E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:413, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization, type:0x00000001 datalen:16 data:'4E 00 65 00 74 00 77 00 6F 00 72 00 6B 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Users\Administrator\AppData\Local\Temp\TeamViewer\7.hta, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000040 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Users\Administrator\AppData\Local\Temp\TeamViewer\7.hta, access:0x00120196 alloc_size:0 attrib:0x00000080 share_access:0x00000003 disposition:0x00000005 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, FILE_truncate, C:\Users\Administrator\AppData\Local\Temp\TeamViewer\7.hta, eof:0x00000000 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, FILE_write, C:\Users\Administrator\AppData\Local\Temp\TeamViewer\7.hta, offset:0x00000000 datalen:0x00000434 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Users\Administrator\AppData\Local\Temp\TeamViewer\7.hta, access:0x00120089 alloc_size:0 attrib:0x00000080 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, FILE_modified, C:\Users\Administrator\AppData\Local\Temp\TeamViewer\7.hta, , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Drive\shellex\FolderExtensions, access:0x00000008 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions, access:0x00000008 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Drive\shellex\FolderExtensions, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask, type:0x00000004 datalen:4 data:'20 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.exe\, type:0x00000001 datalen:16 data:'65 00 78 00 65 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\CurVer, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\CurVer, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\ShellEx\IconHandler, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\ShellEx\IconHandler, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\SystemFileAssociations\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\SystemFileAssociations\.exe\ShellEx\IconHandler, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\DocObject, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:429, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\DocObject, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe\DocObject, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\SystemFileAssociations\.exe\DocObject, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\BrowseInPlace, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\BrowseInPlace, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe\BrowseInPlace, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\SystemFileAssociations\.exe\BrowseInPlace, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.exe\Content Type, type:0x00000001 datalen:50 data:'61 00 70 00 70 00 6C 00 69 00 63 00 61 00 74 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\Clsid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\Clsid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe\Clsid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\SystemFileAssociations\.exe\Clsid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\SystemFileAssociations\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.exe, type:0x00000001 datalen:16 data:'70 00 72 00 6F 00 67 00 72 00 61 00 6D 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\TreatAs, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\TreatAs, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\, type:0x00000001 datalen:48 data:'4D 00 65 00 6D 00 6F 00 72 00 79 00 20 00 4D 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\, type:0x00000001 datalen:48 data:'4D 00 65 00 6D 00 6F 00 72 00 79 00 20 00 4D 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:445, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32\, type:0x00000002 datalen:68 data:'25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32\, type:0x00000002 datalen:68 data:'25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32\, type:0x00000002 datalen:68 data:'25 00 53 00 79 00 73 00 74 00 65 00 6D 00 52 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32\ThreadingModel, type:0x00000001 datalen:10 data:'42 00 6F 00 74 00 68 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocHandler32, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocHandler32, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocHandler, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocHandler, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes, access:0x02000000 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\TreatAs, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\TreatAs, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\propsys.dll, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\propsys.dll, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\System32\propsys.dll, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\propsys.dll, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\propsys.dll, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\System32\propsys.dll, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.exe\, type:0x00000001 datalen:16 data:'65 00 78 00 65 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\CurVer, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\CurVer, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\shell\open, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\shell\open, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\shell\open, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\shell\open\command, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\DropTarget, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\shell\open\DropTarget, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.exe\, type:0x00000001 datalen:16 data:'65 00 78 00 65 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.ade, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.ade, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.adp, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.adp, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.app, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.app, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.asp, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.asp, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.asp, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.asp\, type:0x00000001 datalen:16 data:'61 00 73 00 70 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.bas, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.bas, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.bas, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.bat, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.bat, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.bat, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.bat\, type:0x00000001 datalen:16 data:'62 00 61 00 74 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.cer, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.cer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.cer, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:461, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.cer\, type:0x00000001 datalen:16 data:'43 00 45 00 52 00 46 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.chm, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.chm, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.chm, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.chm\, type:0x00000001 datalen:18 data:'63 00 68 00 6D 00 2E 00 66 00 69 00 6C 00 65 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.cmd, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.cmd, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.cmd, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.cmd\, type:0x00000001 datalen:16 data:'63 00 6D 00 64 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.com, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.com, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.com, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.com\, type:0x00000001 datalen:16 data:'63 00 6F 00 6D 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.cpl, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.cpl, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.cpl, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.cpl\, type:0x00000001 datalen:16 data:'63 00 70 00 6C 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.crt, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.crt, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.crt, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.crt\, type:0x00000001 datalen:16 data:'43 00 45 00 52 00 46 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.csh, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.csh, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\, type:0x00000001 datalen:34 data:'53 00 65 00 63 00 75 00 72 00 69 00 74 00 79 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\, type:0x00000001 datalen:34 data:'53 00 65 00 63 00 75 00 72 00 69 00 74 00 79 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32\, type:0x00000001 datalen:62 data:'43 00 3A 00 5C 00 57 00 69 00 6E 00 64 00 6F 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32\, type:0x00000001 datalen:62 data:'43 00 3A 00 5C 00 57 00 69 00 6E 00 64 00 6F 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32\ThreadingModel, type:0x00000001 datalen:10 data:'42 00 6F 00 74 00 68 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler32, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocHandler, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes, access:0x02000000 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\TreatAs, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Security, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Security, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Security, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SpecialFoldersCacheSize, type:0x00000004 datalen:4 data:'08 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, FILE_readdir, C:\, filter:'Windows' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, FILE_readdir, C:\Windows, filter:'system32' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, FILE_readdir, C:\Windows\SysWOW64, filter:'mshta.exe' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120080 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x00020019 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\shell\open\command, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\shell\open\command, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\exefile\shell\open\command\, type:0x00000001 datalen:16 data:'22 00 25 00 31 00 22 00 20 00 25 00 2A 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CLASSES_ROOT\.exe\, type:0x00000001 datalen:16 data:'65 00 78 00 65 00 66 00 69 00 6C 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\.exe, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\CurVer, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\CurVer, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\Progid, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellCompatibility\ProgIDs\exefile, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:476, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:492, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:492, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:492, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\ddeexec, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:492, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CLASSES_ROOT\exefile\shell\open\ddeexec, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:492, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:492, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\mshta.exe, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mshta.exe, access:0x00020019 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mshta.exe, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Classes\exefile\shell\open, access:0x02000000 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e112c2c5-22bb-11e5-9e99-806e6f6e6963}\, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e112c2c5-22bb-11e5-9e99-806e6f6e6963}\Generation, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x001000A1 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120089 alloc_size:0 attrib:0x00000080 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00000080 alloc_size:0 attrib:0x00000080 share_access:0x00000003 disposition:0x00000001 options:0x00000040 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120089 alloc_size:0 attrib:0x00000080 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120089 alloc_size:0 attrib:0x00000080 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120089 alloc_size:0 attrib:0x00000080 share_access:0x00000001 disposition:0x00000001 options:0x00000020 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00100080 alloc_size:0 attrib:0x00000080 share_access:0x00000007 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000020 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option, access:0x00000003 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option, access:0x00000003 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x00000001 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x00000001 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\AppPatch\sysmain.sdb, access:0x00120089 alloc_size:0 attrib:0x00000080 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_readdir, C:\Windows\SysWOW64, filter:'mshta.exe' , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_readdir, C:\, filter:'Windows' , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_readdir, C:\Windows, filter:'system32' , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_readdir, C:\Windows\SysWOW64, filter:'mshta.exe' , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache, type:0x00000001 datalen:160 data:'43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\mshta.exe, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_readdir, C:\Windows\SysWOW64, filter:'*' , 0x00000000 [操作成功完成。 ],
22:50:56:493, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120089 alloc_size:0 attrib:0x00000080 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:511, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:511, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120089 alloc_size:0 attrib:0x00000080 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:511, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:511, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
22:50:56:511, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\zh-CN\mshta.exe.mui, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000000 , 0x00000000 [操作成功完成。 ],
22:50:56:511, TeamViewer.exe, 3028:3744, 3028, FILE_open, C:\Windows\SysWOW64\mshta.exe, access:0x00000080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200000 , 0x00000000 [操作成功完成。 ],
22:50:56:511, TeamViewer.exe, 3028:3744, 3028, THRD_resume, , target_pid:8840 target_tid:3444 , 0x00000000 [操作成功完成。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\TIP\, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:558, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Item\{A48FA74E-F767-44E4-BFBC-169E8B38FF58}, access:0x00020019 , 0xC0000034 [系统找不到指定的文件。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\RtfConverterFlags, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use_DlgBox_Colors, type:0x00000001 datalen:8 data:'79 00 65 00 73 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Anchor Underline, type:0x00000001 datalen:8 data:'79 00 65 00 73 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\CSS_Compat, type:0x00000001 datalen:16 data:'64 00 6F 00 63 00 74 00 79 00 70 00 65 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Expand Alt Text, type:0x00000001 datalen:6 data:'6E 00 6F 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Images, type:0x00000001 datalen:8 data:'79 00 65 00 73 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Display Inline Videos, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Background_Sounds, type:0x00000001 datalen:8 data:'79 00 65 00 73 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Play_Animations, type:0x00000001 datalen:8 data:'79 00 65 00 73 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Print_Background, type:0x00000001 datalen:6 data:'6E 00 6F 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\SmoothScroll, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XMLHTTP, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Show image placeholders, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger, type:0x00000001 datalen:8 data:'79 00 65 00 73 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE, type:0x00000001 datalen:8 data:'79 00 65 00 73 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Move System Caret, type:0x00000001 datalen:6 data:'6E 00 6F 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Enable AutoImageResize, type:0x00000001 datalen:8 data:'79 00 65 00 73 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\UseHR, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Q300829, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Cleanup HTCs, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\XDomainRequest, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DOMStorage, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\AutoDetect, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\International\Scripts, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color, type:0x00000001 datalen:16 data:'30 00 2C 00 30 00 2C 00 32 00 35 00 35 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Anchor Color Visited, type:0x00000001 datalen:20 data:'31 00 32 00 38 00 2C 00 30 00 2C 00 31 00 32 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Settings, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Colors, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Size, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Always Use My Font Face, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Disable Visited Hyperlinks, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\Use Anchor Hover Color, type:0x00000001 datalen:6 data:'6E 00 6F 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles\MaxScriptStatements, type:0x00000004 datalen:4 data:'40 4B 4C 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Text Scaling, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Allow Programmatic Cut_Copy_Paste, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings, access:0x00020019 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\DisableCachingOfSSLPages, type:0x00000004 datalen:4 data:'00 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PageSetup\Print_Background, type:0x00000001 datalen:6 data:'6E 00 6F 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\添加到闪电邮服务中心, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\添加到闪电邮服务中心\, type:0x00000001 datalen:60 data:'44 00 3A 00 5C 00 54 00 6F 00 6F 00 6C 00 5C 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\添加到闪电邮服务中心\Contexts, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\添加到闪电邮服务中心\Contexts, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\通过网易闪电邮发送, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\通过网易闪电邮发送\, type:0x00000001 datalen:68 data:'44 00 3A 00 5C 00 54 00 6F 00 6F 00 6C 00 5C 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\通过网易闪电邮发送\Contexts, type:0x00000004 datalen:4 data:'32 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\通过网易闪电邮发送\Contexts, type:0x00000004 datalen:4 data:'32 00 00 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CodePage, access:0x00020019 , 0x00000104 [因为文件名产生符号链接,所以需由对象管理器重新运行分析操作。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CodePage, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CodePage\950, type:0x00000001 datalen:20 data:'63 00 5F 00 39 00 35 00 30 00 2E 00 6E 00 6C 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEPropFontName, type:0x00000001 datalen:32 data:'54 00 69 00 6D 00 65 00 73 00 20 00 4E 00 65 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_getval, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\Scripts\3\IEFixedFontName, type:0x00000001 datalen:24 data:'43 00 6F 00 75 00 72 00 69 00 65 00 72 00 20 00 ' , 0x00000000 [操作成功完成。 ],
22:50:56:574, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International, access:0x00000001 , 0x00000000 [操作成功完成。 ],
22:50:56:606, TeamViewer.exe, 3028:3744, 3028, REG_mkkey, HKEY_CURRENT_USER\Software\TeamViewer\, access:0x000F003F , 0x00000000 [操作成功完成。 ],
22:50:56:606, TeamViewer.exe, 3028:3744, 3028, REG_rmval, HKEY_CURRENT_USER\Software\TeamViewer\MainWindowHandle, keyname:'HKEY_CURRENT_USER\Software\TeamViewer' , 0x00000000 [操作成功完成。 ],
22:50:56:693, TeamViewer.exe, 3028:3744, 3028, REG_openkey, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\GRE_Initialize, access:0x00020019 , 0x00000000 [操作成功完成。 ],
22:50:56:693, TeamViewer.exe, 3028:0, 3028, EXEC_destroy, D:\Tool\TeamViewer\TeamViewer.exe, parent_pid:2508 cmdline:'"D:\Tool\TeamViewer\TeamViewer.exe" ' , 0x00000000 [操作成功完成。 ],
|
发表于 2015-8-18 23:11:31
