23:47:49:353, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\xdyl.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:353, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\wsock32.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:353, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\IPHLPAPI.DLL, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:353, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\winnsi.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:353, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\oledlg.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:369, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\rasapi32.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:369, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\rasman.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:369, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\version.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:369, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500_CLASSES, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:369, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:369, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\xdyl.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters, access:0x000F003F , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\WinSock_Registry_Version, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\AppId_Catalog, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Callout, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Next_Catalog_Entry_ID, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Serial_Access_Num, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Num_Catalog_Entries, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\SupportedNameSpace, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Enabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Version, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\StoresServiceClassInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\SupportedNameSpace, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Enabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Version, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\StoresServiceClassInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\SupportedNameSpace, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Enabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\Version, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\StoresServiceClassInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ProviderId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\SupportedNameSpace, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\Enabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\Version, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\StoresServiceClassInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\ProviderId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\SupportedNameSpace, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\Enabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\Version, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\StoresServiceClassInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\LibraryPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\DisplayString, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\ProviderId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\SupportedNameSpace, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\Enabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\Version, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\StoresServiceClassInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006\ProviderInfo, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\WinSock2\Parameters, access:0x00000001 , 0x00000000 [操作成功完成。 ],
23:47:49:743, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\ini.bak, access:0x00010080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200040 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2980, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2980, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2980, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2980, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2980, 1308, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\OOBEInProgress, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2980, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2980, 1308, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\tzres.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\zh-CN\tzres.dll.mui, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000000 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\tzres.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\zh-CN\tzres.dll.mui, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000000 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2644, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2644, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2644, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\OOBEInProgress, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2712, 1308, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SQMClient\Windows\CEIPEnable, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2436, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2436, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2436, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:1092, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:1092, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:1092, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:572, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:572, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:572, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2308, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2308, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:806, demo.exe, 1308:2308, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:852, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\dm.dll, access:0x00110080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200020 , 0x00000000 [操作成功完成。 ],
23:47:49:852, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\dm.dll, access:0x00110080 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00200020 , 0x00000000 [操作成功完成。 ],
23:47:49:852, demo.exe, 1308:2892, 1308, FILE_rename, C:\Users\Administrator\Desktop\xdyl\dm.dll, replace_existing:false new_filename:'C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll' , 0x00000000 [操作成功完成。 ],
23:47:49:868, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:868, demo.exe, 1308:0, 1308, EXEC_module_load, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, base:0x0000000003150000 size:0x0036B000 , 0x00000000 [操作成功完成。 ],
23:47:49:868, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:868, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:884, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:49:884, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:884, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\demo.exe, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:884, demo.exe, 1308:2892, 1308, FILE_read, C:\Users\Administrator\Desktop\xdyl\demo.exe, offset:0x00000000 datalen:0x000CE000 , 0x00000000 [操作成功完成。 ],
23:47:49:884, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:884, demo.exe, 1308:2892, 1308, FILE_read, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, offset:0x00000000 datalen:0x002F9000 , 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\ntdll.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:2892, 1308, FILE_read, C:\Windows\SysWOW64\ntdll.dll, offset:0x00000000 datalen:0x00142000 , 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\ntdll.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:2892, 1308, FILE_read, C:\Windows\SysWOW64\ntdll.dll, offset:0x00000000 datalen:0x00142000 , 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:2892, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:2892, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:2676, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:2676, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:899, demo.exe, 1308:2676, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2824, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2824, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2824, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2932, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2932, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2932, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:1772, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:1772, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:1772, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2304, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2304, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:2304, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:1436, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:1436, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:49:915, demo.exe, 1308:1436, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:314, demo.exe, 1308:3068, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:314, demo.exe, 1308:3068, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:314, demo.exe, 1308:3068, 1308, REG_getval, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500\Software\Microsoft\Internet Explorer\Main\Start Page, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\reg.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\mfc42u.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\odbc32.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\msvcp60.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\odbcint.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\zh-CN\odbcint.dll.mui, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000000 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\zh-CN\MFC42u.dll.mui, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000000 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:2892, 1308, FILE_read, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, offset:0x00000030 datalen:0x00001000 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\ntdll.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:345, demo.exe, 1308:2892, 1308, FILE_read, C:\Windows\SysWOW64\ntdll.dll, offset:0x00000000 datalen:0x00142000 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500_CLASSES, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\Registration\R000000000006.clb, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500_CLASSES, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500_CLASSES, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\msiltcfg.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\msi.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:361, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\Win31FileSystem, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:932, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:932, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\MartaExtension, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:932, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AccessProviders\MartaExtension, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\ntmarta.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:932, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LDAP, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:932, 1308, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LDAP\LdapClientIntegrity, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:932, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LDAP, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:932, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LDAP, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:423, demo.exe, 1308:932, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\LDAP, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:470, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:470, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500_CLASSES, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\sxs.dll, access:0x00100021 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500_CLASSES, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:0, 1308, FILE_open, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000007 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, FILE_read, C:\Users\Administrator\Desktop\xdyl\AzrQL3756.dll, offset:0x00000000 datalen:0x00000040 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500_CLASSES, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_USERS\S-1-5-21-1675599013-1495142256-3177721479-500_CLASSES, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0, access:0x02000000 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32, access:0x00000001 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32\, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:0, 1308, FILE_open, C:\Windows\SysWOW64\stdole2.tlb, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000860 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, FILE_read, C:\Windows\SysWOW64\stdole2.tlb, offset:0x00000000 datalen:0x00000040 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale, access:0x00020019 , 0x00000000 [操作成功完成。 ],
23:47:54:532, demo.exe, 1308:2892, 1308, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback, access:0x00000009 , 0x00000000 [操作成功完成。 ],
这里调用的是某个 DLL 的公开函数接口（函数名是 DLL 作者的 QQ 引流，我就不提了）。该函数会把另一个 DLL 文件重命名后再加载，并注册 COM 库；它应该还往内存里写了一些值。能分析出写入的地址和值吗？