Trouble with a usage-count limit [Help]
Posted: 2005-10-19 00:02 5244
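Usage-count limits are usually done by changing the registry or by leaving a marker in a file. Some are nastier, and I seem to have run into one. Could the experts give me some pointers and briefly list the techniques used for this? Thanks.
This is the filemon.log after the count was used up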
1 23:33:41 tnnd.exe:972 OPEN D:\Program Files\新建文件夹\新建文件夹 SUCCESS Options: Open Directory Access: Traverse
2 23:33:41 tnnd.exe:972 OPEN D:\Program Files\新建文件夹\新建文件夹\tnnd.exe.Local FILE NOT FOUND Options: Open Access: All
3 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.EPE SHARING VIOLATION Options: OpenIf Access: All
4 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: All
5 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\V22005312.EPE SUCCESS Attributes: A
6 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
7 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: Execute
8 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\V22005312.EPE SUCCESS Length: 437248
9 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
10 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: All
11 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\V22005312.EPE SUCCESS Attributes: A
12 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
13 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: Execute
14 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
15 23:33:41 tnnd.exe:972 OPEN D:\Program Files\新建文件夹\新建文件夹\winspool.drv FILE NOT FOUND Options: Open Access: All
16 23:33:41 tnnd.exe:972 OPEN D:\Program Files\新建文件夹\新建文件夹\winspool.drv FILE NOT FOUND Options: Open Access: All
17 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\winspool.drv SUCCESS Options: Open Access: All
18 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\winspool.drv SUCCESS Attributes: A
19 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\winspool.drv SUCCESS
20 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\winspool.drv SUCCESS Options: Open Access: Execute
21 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\winspool.drv SUCCESS
22 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
23 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
24 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
25 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: Execute
26 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Length: 96528
27 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
28 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
29 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
30 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
31 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: Execute
32 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Length: 96528
33 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
34 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
35 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
36 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
37 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: Execute
38 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
39 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
40 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
41 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
42 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
43 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
44 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
45 23:33:41 tnnd.exe:972 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 4096
46 23:33:41 tnnd.exe:972 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 4096
47 23:33:41 tnnd.exe:972 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
48 23:33:41 tnnd.exe:972 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
49 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\ole32.dll SUCCESS Options: Open Access: All
50 23:33:41 tnnd.exe:972 QUERY INFORMATION D:\WINNT\system32\ole32.dll SUCCESS Attributes: A
51 23:33:41 tnnd.exe:972 CLOSE D:\WINNT\system32\ole32.dll SUCCESS
52 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.CHS FILE NOT FOUND Options: Open Access: All
53 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.CHS FILE NOT FOUND Options: Open Access: All
54 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.CHS.DLL FILE NOT FOUND Options: Open Access: All
55 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.CH FILE NOT FOUND Options: Open Access: All
56 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.CH FILE NOT FOUND Options: Open Access: All
57 23:33:41 tnnd.exe:972 OPEN D:\WINNT\system32\V22005312.CH.DLL FILE NOT FOUND Options: Open Access: All
58 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS FileNameInformation
59 23:33:41 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\Fl SUCCESS Options: Open Access: All
60 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\ntdll.dll SUCCESS Options: Open Access: All
61 23:33:41 tnnd.exe:972 CLOSE D:\Program Files\新建文件夹\新建文件夹 SUCCESS
62 23:33:41 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹 SUCCESS Options: Open Directory Access: Traverse
63 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\kernel32.dll SUCCESS FileNameInformation
64 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\kernel32.dll SUCCESS Options: Open Access: All
65 23:33:41 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\tnnd.exe.Local FILE NOT FOUND Options: Open Access: All
66 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.EPE SHARING VIOLATION Options: OpenIf Access: All
67 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: All
68 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\V22005312.EPE SUCCESS Attributes: A
69 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
70 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: Execute
71 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\V22005312.EPE SUCCESS Length: 437248
72 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
73 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: All
74 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\V22005312.EPE SUCCESS Attributes: A
75 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
76 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: Execute
77 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
78 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\V22005312.EPE SUCCESS FileNameInformation
79 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\V22005312.EPE SUCCESS Options: Open Access: All
80 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\advapi32.dll SUCCESS FileNameInformation
81 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\advapi32.dll SUCCESS Options: Open Access: All
82 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\rpcrt4.dll SUCCESS FileNameInformation
83 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\rpcrt4.dll SUCCESS Options: Open Access: All
84 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\COMCTL32.DLL SUCCESS FileNameInformation
85 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\COMCTL32.DLL SUCCESS Options: Open Access: All
86 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\gdi32.dll SUCCESS FileNameInformation
87 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\gdi32.dll SUCCESS Options: Open Access: All
88 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\user32.dll SUCCESS FileNameInformation
89 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\user32.dll SUCCESS Options: Open Access: All
90 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\oleaut32.dll SUCCESS FileNameInformation
91 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\oleaut32.dll SUCCESS Options: Open Access: All
92 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\ole32.dll SUCCESS FileNameInformation
93 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\ole32.dll SUCCESS Options: Open Access: All
94 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\shell32.dll SUCCESS FileNameInformation
95 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\shell32.dll SUCCESS Options: Open Access: All
96 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\SHLWAPI.DLL SUCCESS FileNameInformation
97 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\SHLWAPI.DLL SUCCESS Options: Open Access: All
98 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MSVCRT.DLL SUCCESS FileNameInformation
99 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\MSVCRT.DLL SUCCESS Options: Open Access: All
100 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\version.dll SUCCESS FileNameInformation
101 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\version.dll SUCCESS Options: Open Access: All
102 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\lz32.dll SUCCESS FileNameInformation
103 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\lz32.dll SUCCESS Options: Open Access: All
104 23:33:41 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\winspool.drv FILE NOT FOUND Options: Open Access: All
105 23:33:41 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\winspool.drv FILE NOT FOUND Options: Open Access: All
106 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\winspool.drv SUCCESS Options: Open Access: All
107 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\winspool.drv SUCCESS Attributes: A
108 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\winspool.drv SUCCESS
109 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\winspool.drv SUCCESS Options: Open Access: Execute
110 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\winspool.drv SUCCESS
111 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\WINSPOOL.DRV SUCCESS FileNameInformation
112 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\WINSPOOL.DRV SUCCESS Options: Open Access: All
113 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MPR.dll SUCCESS FileNameInformation
114 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\MPR.dll SUCCESS Options: Open Access: All
115 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
116 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
117 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
118 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: Execute
119 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Length: 96528
120 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
121 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
122 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
123 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
124 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: Execute
125 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Length: 96528
126 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
127 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
128 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
129 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
130 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: Execute
131 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
132 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\IMM32.DLL SUCCESS FileNameInformation
133 23:33:41 tnnd.exe:888 OPEN D:\WINNT\System32\IMM32.DLL SUCCESS Options: Open Access: All
134 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
135 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
136 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
137 23:33:41 tnnd.exe:888 OPEN D:\WINNT\system32\IMM32.DLL SUCCESS Options: Open Access: All
138 23:33:41 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\IMM32.DLL SUCCESS Attributes: A
139 23:33:41 tnnd.exe:888 CLOSE D:\WINNT\system32\IMM32.DLL SUCCESS
140 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\ole32.dll SUCCESS Options: Open Access: All
141 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\ole32.dll SUCCESS Attributes: A
142 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\ole32.dll SUCCESS
143 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.CHS FILE NOT FOUND Options: Open Access: All
144 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.CHS FILE NOT FOUND Options: Open Access: All
145 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.CHS.DLL FILE NOT FOUND Options: Open Access: All
146 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.CH FILE NOT FOUND Options: Open Access: All
147 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.CH FILE NOT FOUND Options: Open Access: All
148 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.CH.DLL FILE NOT FOUND Options: Open Access: All
149 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\INDICDLL.dll SUCCESS Options: Open Access: All
150 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\INDICDLL.dll SUCCESS Attributes: A
151 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\INDICDLL.dll SUCCESS
152 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\INDICDLL.dll SUCCESS Options: Open Access: Execute
153 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\INDICDLL.dll SUCCESS Length: 11536
154 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\INDICDLL.dll SUCCESS
155 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\INDICDLL.dll SUCCESS Options: Open Access: All
156 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\INDICDLL.dll SUCCESS Attributes: A
157 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\INDICDLL.dll SUCCESS
158 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\INDICDLL.dll SUCCESS Options: Open Access: Execute
159 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\INDICDLL.dll SUCCESS
160 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\INDICDLL.dll SUCCESS FileNameInformation
161 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\INDICDLL.dll SUCCESS Options: Open Access: All
162 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: All
163 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\V22005312.EPE SUCCESS Attributes: A
164 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
165 23:33:42 tnnd.exe:888 OPEN D:\WINNT\FONTS\SERIFE.FON SUCCESS Options: Open Access: All
166 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\FONTS\SERIFE.FON SUCCESS Length: 57936
167 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\FONTS\SERIFE.FON SUCCESS Attributes: H
168 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\FONTS\SERIFE.FON SUCCESS FileFsAttributeInformation
169 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\FONTS\SERIFE.FON SUCCESS Length: 57936
170 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\FONTS\SERIFE.FON SUCCESS
171 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WSOCK32.DLL FILE NOT FOUND Options: Open Access: All
172 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WSOCK32.DLL FILE NOT FOUND Options: Open Access: All
173 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WSOCK32.DLL SUCCESS Options: Open Access: All
174 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\WSOCK32.DLL SUCCESS Attributes: A
175 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WSOCK32.DLL SUCCESS
176 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WSOCK32.DLL SUCCESS Options: Open Access: Execute
177 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WSOCK32.DLL SUCCESS
178 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\WSOCK32.DLL SUCCESS FileNameInformation
179 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\WSOCK32.DLL SUCCESS Options: Open Access: All
180 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WS2_32.DLL FILE NOT FOUND Options: Open Access: All
181 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WS2_32.DLL FILE NOT FOUND Options: Open Access: All
182 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WS2_32.DLL SUCCESS Options: Open Access: All
183 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\WS2_32.DLL SUCCESS Attributes: A
184 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WS2_32.DLL SUCCESS
185 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WS2_32.DLL SUCCESS Options: Open Access: Execute
186 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WS2_32.DLL SUCCESS
187 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\WS2_32.DLL SUCCESS FileNameInformation
188 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\WS2_32.DLL SUCCESS Options: Open Access: All
189 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WS2HELP.DLL FILE NOT FOUND Options: Open Access: All
190 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WS2HELP.DLL FILE NOT FOUND Options: Open Access: All
191 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WS2HELP.DLL SUCCESS Options: Open Access: All
192 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\WS2HELP.DLL SUCCESS Attributes: A
193 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WS2HELP.DLL SUCCESS
194 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WS2HELP.DLL SUCCESS Options: Open Access: Execute
195 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WS2HELP.DLL SUCCESS
196 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\WS2HELP.DLL SUCCESS FileNameInformation
197 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\WS2HELP.DLL SUCCESS Options: Open Access: All
198 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS Options: Open Access: All
199 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS Attributes: A
200 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS
201 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS Options: Open Access: Execute
202 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS
203 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS FileNameInformation
204 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\W FILE NOT FOUND Options: Open Access: All
205 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS Options: Open Access: All
206 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS Attributes: A
207 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS
208 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS Options: Open Access: Execute
209 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS
210 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS FileNameInformation
211 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\P FILE NOT FOUND Options: Open Access: All
212 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\wininet.dll SUCCESS FileNameInformation
213 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\wininet.dll SUCCESS Options: Open Access: All
214 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\CRYPT32.dll SUCCESS FileNameInformation
215 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\CRYPT32.dll SUCCESS Options: Open Access: All
216 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MSASN1.DLL SUCCESS FileNameInformation
217 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\MSASN1.DLL SUCCESS Options: Open Access: All
218 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\MFC42.DLL FILE NOT FOUND Options: Open Access: All
219 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\MFC42.DLL FILE NOT FOUND Options: Open Access: All
220 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42.DLL SUCCESS Options: Open Access: All
221 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MFC42.DLL SUCCESS Attributes: A
222 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42.DLL SUCCESS
223 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42.DLL SUCCESS Options: Open Access: Execute
224 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42.DLL SUCCESS
225 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MFC42.DLL SUCCESS FileNameInformation
226 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\MFC42.DLL SUCCESS Options: Open Access: All
227 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42LOC.DLL SUCCESS Options: Open Access: All
228 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MFC42LOC.DLL SUCCESS Attributes: A
229 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42LOC.DLL SUCCESS
230 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42LOC.DLL SUCCESS Options: Open Access: Execute
231 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MFC42LOC.DLL SUCCESS Length: 53248
232 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42LOC.DLL SUCCESS
233 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42LOC.DLL SUCCESS Options: Open Access: All
234 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MFC42LOC.DLL SUCCESS Attributes: A
235 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42LOC.DLL SUCCESS
236 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42LOC.DLL SUCCESS Options: Open Access: Execute
237 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42LOC.DLL SUCCESS
238 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MFC42LOC.DLL SUCCESS FileNameInformation
239 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\MFC42LOC.DLL SUCCESS Options: Open Access: All
240 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\MSVCIRT.DLL FILE NOT FOUND Options: Open Access: All
241 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\MSVCIRT.DLL FILE NOT FOUND Options: Open Access: All
242 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MSVCIRT.DLL SUCCESS Options: Open Access: All
243 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MSVCIRT.DLL SUCCESS Attributes: A
244 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MSVCIRT.DLL SUCCESS
245 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MSVCIRT.DLL SUCCESS Options: Open Access: Execute
246 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MSVCIRT.DLL SUCCESS
247 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MSVCIRT.DLL SUCCESS FileNameInformation
248 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\MSVCIRT.DLL SUCCESS Options: Open Access: All
249 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS Options: Open Access: All
250 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS Attributes: A
251 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS
252 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Options: Open Access: All
253 23:33:42 tnnd.exe:888 READ D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Offset: 0 Length: 128
254 23:33:42 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
255 23:33:42 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
256 23:33:42 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
257 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS
258 23:33:42 tnnd.exe:888 CREATE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Options: OverwriteIf Access: All
259 23:33:42 tnnd.exe:888 WRITE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Offset: 0 Length: 104
260 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS
261 23:33:53 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS Options: Open Access: All
262 23:33:53 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS Attributes: A
263 23:33:53 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS
264 23:33:53 tnnd.exe:888 OPEN D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Options: Open Access: All
265 23:33:53 tnnd.exe:888 READ D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Offset: 0 Length: 128
266 23:33:53 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 4096
267 23:33:53 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 4096
268 23:33:53 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
269 23:33:53 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
270 23:33:53 tnnd.exe:888 CLOSE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS
271 23:33:53 tnnd.exe:888 CREATE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Options: OverwriteIf Access: All
272 23:33:53 tnnd.exe:888 WRITE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Offset: 0 Length: 104
273 23:33:53 tnnd.exe:888 CLOSE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS
274 23:33:53 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹 SUCCESS
This is the regmon.log after the count was used up
1 22.30058670 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
2 22.30061913 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
3 22.30098152 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
4 22.30253601 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
5 22.30357361 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
6 22.30390167 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOT FOUND
7 22.30423546 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
8 22.30728722 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Access: 0x20019
9 22.30761909 tnnd.exe:972 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack SUCCESS 0x0
10 22.30764961 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
11 22.30798531 tnnd.exe:972 OpenKey HKLM SUCCESS Access: 0x2000000
12 22.30827332 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOT FOUND
13 22.30942154 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOT FOUND
14 22.30991364 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Access: 0x20019
15 22.30994415 tnnd.exe:972 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\FlyonNet NOT FOUND
16 22.31027222 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
17 22.31057549 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2 SUCCESS Access: 0x20019
18 22.31061745 tnnd.exe:972 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2\FlyonNet0.0 NOT FOUND
19 22.31093407 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2 SUCCESS
20 22.31123734 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Access: 0x20019
21 22.31126404 tnnd.exe:972 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility\FlyonNet NOT FOUND
22 22.31157684 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS
23 22.31172371 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\tnnd.exe NOT FOUND
24 22.31206894 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Access: 0x20019
25 22.31209564 tnnd.exe:972 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SUCCESS ""
26 22.31237602 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
27 22.31333923 tnnd.exe:972 OpenKey HKCU SUCCESS Access: 0x2000000
28 22.31337357 tnnd.exe:972 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x20019
29 22.31366158 tnnd.exe:972 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOT FOUND
30 22.31397438 tnnd.exe:972 CloseKey HKCU\Control Panel\Desktop SUCCESS
31 22.31423187 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
32 22.31456757 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\AdditionalBaseNamedObjectsProtectionMode NOT FOUND
33 22.31484604 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
34 22.31491470 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Access: 0x20019
35 22.31523323 tnnd.exe:972 QueryValue HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap NOT FOUND
36 22.31551170 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS
37 22.31554604 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Access: 0x20019
38 22.31585693 tnnd.exe:972 QueryValue HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate NOT FOUND
39 22.31617737 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS
40 22.31631279 tnnd.exe:972 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x1
41 22.31660652 tnnd.exe:972 QueryValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS B0 4C C9 79 27 14 2B C0 ...
42 22.31701851 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
43 22.31748009 tnnd.exe:972 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
44 22.31769943 tnnd.exe:972 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 3F BD 07 74 5A B9 B6 8F ...
45 22.31798744 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
46 22.31836510 tnnd.exe:972 OpenKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x20019
47 22.31839371 tnnd.exe:972 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout SUCCESS 0x278D00
48 22.31871796 tnnd.exe:972 CloseKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS
49 22.31909370 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
50 22.31940269 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra NOT FOUND
51 22.31960106 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
52 22.32016563 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance NOT FOUND
53 22.32054138 tnnd.exe:972 OpenKey HKCU SUCCESS Access: 0x2000000
54 22.32056999 tnnd.exe:972 QueryKey HKCU SUCCESS Name: \REGISTRY\User\S-1-5-21-1292428093-884357618-682003330-1000_Classes
55 22.32059479 tnnd.exe:972 OpenKey HKCU\CLSID NOT FOUND
56 22.32092285 tnnd.exe:972 OpenKey HKCR\CLSID SUCCESS Access: 0x2000000
57 22.32126808 tnnd.exe:972 CreateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer SUCCESS Access: 0x2000000
58 22.32162285 tnnd.exe:972 OpenKey HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder SUCCESS Access: 0x20019
59 22.33537865 tnnd.exe:972 OpenKey HKCU\Software\Borland\Locales NOT FOUND
60 22.33541107 tnnd.exe:972 OpenKey HKLM\Software\Borland\Locales NOT FOUND
61 22.33569908 tnnd.exe:972 OpenKey HKCU\Software\Borland\Delphi\Locales NOT FOUND
62 22.33824158 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804 SUCCESS Access: 0x20019
63 22.33827591 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804\layout text SUCCESS "中文 (简体) - 微软拼音"
64 22.33860397 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804\layout text SUCCESS "中文 (简体) - 微软拼音"
65 22.33864594 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804 SUCCESS
66 22.33895683 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804 SUCCESS Access: 0x20019
67 22.33927536 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804\layout text SUCCESS "中文 (简体) - 全拼"
68 22.33930206 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804\layout text SUCCESS "中文 (简体) - 全拼"
69 22.33958817 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804 SUCCESS
70 22.33993912 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804 SUCCESS Access: 0x20019
71 22.33996773 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804\layout text SUCCESS "中文 (简体) - 郑码"
72 22.34029198 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804\layout text SUCCESS "中文 (简体) - 郑码"
73 22.34031868 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804 SUCCESS
74 22.34062386 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804 SUCCESS Access: 0x20019
75 22.34094238 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804\layout text SUCCESS "中文 (简体) - 智能 ABC"
76 22.34096909 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804\layout text SUCCESS "中文 (简体) - 智能 ABC"
77 22.34125519 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804 SUCCESS
78 22.35739708 tnnd.exe:972 CloseKey HKCR\CLSID SUCCESS
79 22.35832405 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer SUCCESS
80 22.35973167 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
81 22.35973930 tnnd.exe:972 CloseKey HKLM SUCCESS
82 22.35976982 tnnd.exe:972 CloseKey HKCU SUCCESS
83 22.35979080 tnnd.exe:972 CloseKey HKCU SUCCESS
84 22.35981941 tnnd.exe:972 CloseKey HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder SUCCESS
85 22.36090279 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
86 22.36106491 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
87 22.36210060 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
88 22.36214828 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll NOT FOUND
89 22.36340714 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
90 22.36343575 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOT FOUND
91 22.36376190 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
92 22.37094307 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.DLL NOT FOUND
93 22.37130356 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advapi32.dll NOT FOUND
94 22.37138367 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Access: 0x20019
95 22.37171173 tnnd.exe:888 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack SUCCESS 0x0
96 22.37174225 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
97 22.37204552 tnnd.exe:888 OpenKey HKLM SUCCESS Access: 0x2000000
98 22.37236214 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOT FOUND
99 22.37239838 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.DLL NOT FOUND
100 22.37400627 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL NOT FOUND
101 22.37439156 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOT FOUND
102 22.37484169 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Access: 0x20019
103 22.37487793 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\FlyonNet NOT FOUND
104 22.37519264 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
105 22.37549782 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2 SUCCESS Access: 0x20019
106 22.37553978 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2\FlyonNet0.0 NOT FOUND
107 22.37585258 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2 SUCCESS
108 22.37619400 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Access: 0x20019
109 22.37622261 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility\FlyonNet NOT FOUND
110 22.37649918 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS
111 22.37663841 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\tnnd.exe NOT FOUND
112 22.37697220 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Access: 0x20019
113 22.37699699 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SUCCESS ""
114 22.37727928 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
115 22.37785912 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll NOT FOUND
116 22.37830925 tnnd.exe:888 OpenKey HKCU SUCCESS Access: 0x2000000
117 22.37864876 tnnd.exe:888 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x20019
118 22.37867737 tnnd.exe:888 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOT FOUND
119 22.37898254 tnnd.exe:888 CloseKey HKCU\Control Panel\Desktop SUCCESS
120 22.37918472 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll NOT FOUND
121 22.37971687 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
122 22.38000488 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\AdditionalBaseNamedObjectsProtectionMode NOT FOUND
123 22.38002968 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
124 22.38038254 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Access: 0x20019
125 22.38070488 tnnd.exe:888 QueryValue HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap NOT FOUND
126 22.38072777 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS
127 22.38101387 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Access: 0x20019
128 22.38132286 tnnd.exe:888 QueryValue HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate NOT FOUND
129 22.38134384 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS
130 22.38174057 tnnd.exe:888 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x1
131 22.38224220 tnnd.exe:888 QueryValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 3F BD 07 74 5A B9 B6 8F ...
132 22.38226700 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
133 22.38273430 tnnd.exe:888 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
134 22.38304329 tnnd.exe:888 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 6C 24 07 89 ED 4A 2E 8B ...
135 22.38335609 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
136 22.38344002 tnnd.exe:888 OpenKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x20019
137 22.38372803 tnnd.exe:888 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout SUCCESS 0x278D00
138 22.38404465 tnnd.exe:888 CloseKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS
139 22.38410378 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oleaut32.dll NOT FOUND
140 22.38453484 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
141 22.38490486 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra NOT FOUND
142 22.38514900 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
143 22.38544083 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll NOT FOUND
144 22.38578796 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.DLL NOT FOUND
145 22.38614845 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance NOT FOUND
146 22.38619995 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shell32.dll NOT FOUND
147 22.38658524 tnnd.exe:888 OpenKey HKCU SUCCESS Access: 0x2000000
148 22.38662338 tnnd.exe:888 QueryKey HKCU SUCCESS Name: \REGISTRY\User\S-1-5-21-1292428093-884357618-682003330-1000_Classes
149 22.38665199 tnnd.exe:888 OpenKey HKCU\CLSID NOT FOUND
150 22.38697624 tnnd.exe:888 OpenKey HKCR\CLSID SUCCESS Access: 0x2000000
151 22.38732147 tnnd.exe:888 CreateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer SUCCESS Access: 0x2000000
152 22.38738823 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LZ32.DLL NOT FOUND
153 22.38768387 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\version.dll NOT FOUND
154 22.38772964 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPR.DLL NOT FOUND
155 22.38808250 tnnd.exe:888 OpenKey HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder SUCCESS Access: 0x20019
156 22.38815498 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winspool.drv NOT FOUND
157 22.38822365 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V22005312.EPE NOT FOUND
158 22.40257454 tnnd.exe:888 OpenKey HKCU\Software\Borland\Locales NOT FOUND
159 22.40300751 tnnd.exe:888 OpenKey HKLM\Software\Borland\Locales NOT FOUND
160 22.40303612 tnnd.exe:888 OpenKey HKCU\Software\Borland\Delphi\Locales NOT FOUND
161 22.40614700 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804 SUCCESS Access: 0x20019
162 22.40618515 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804\layout text SUCCESS "中文 (简体) - 微软拼音"
163 22.40647507 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804\layout text SUCCESS "中文 (简体) - 微软拼音"
164 22.40681648 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804 SUCCESS
165 22.40687943 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804 SUCCESS Access: 0x20019
166 22.40716743 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804\layout text SUCCESS "中文 (简体) - 全拼"
167 22.40719795 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804\layout text SUCCESS "中文 (简体) - 全拼"
168 22.40751839 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804 SUCCESS
169 22.40786934 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804 SUCCESS Access: 0x20019
170 22.40790367 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804\layout text SUCCESS "中文 (简体) - 郑码"
171 22.40818977 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804\layout text SUCCESS "中文 (简体) - 郑码"
172 22.40851212 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804 SUCCESS
173 22.40856361 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804 SUCCESS Access: 0x20019
174 22.40884972 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804\layout text SUCCESS "中文 (简体) - 智能 ABC"
175 22.40888023 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804\layout text SUCCESS "中文 (简体) - 智能 ABC"
176 22.40920258 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804 SUCCESS
177 22.42635727 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INDICDLL.dll NOT FOUND
178 22.42776871 tnnd.exe:888 OpenKey HKCU SUCCESS Access: 0x2000000
179 22.42780495 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT FOUND
180 22.42814636 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Rpc\RobustMode NOT FOUND
181 22.42850494 tnnd.exe:888 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
182 22.42883492 tnnd.exe:888 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
183 22.42884636 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Rpc SUCCESS Access: 0x20019
184 22.42886734 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Rpc\MaxRpcSize NOT FOUND
185 22.42915154 tnnd.exe:888 CloseKey HKCU\Control Panel\Desktop SUCCESS
186 22.42946053 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Rpc SUCCESS
187 22.42976189 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe\RpcThreadPoolThrottle NOT FOUND
188 22.42976952 tnnd.exe:888 CloseKey HKCU SUCCESS
189 22.43729019 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS Access: 0x20019
190 22.43733025 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS Access: 0x20019
191 22.43764877 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName SUCCESS "RICHARD"
192 22.43812561 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS
193 22.43815422 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS
194 22.67318726 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.DLL NOT FOUND
195 22.67323494 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.DLL NOT FOUND
196 22.68136787 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASN1.DLL NOT FOUND
197 22.68297768 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CRYPT32.dll NOT FOUND
198 22.68451309 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1 NOT FOUND
199 22.68542671 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WININET.dll NOT FOUND
200 22.68727684 tnnd.exe:888 CreateKey HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS Access: 0x2001F
201 22.68891525 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PIParse.dll NOT FOUND
202 22.68899536 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBPOST.DLL NOT FOUND
203 22.69174194 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MFC42.DLL NOT FOUND
204 22.81789207 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCIRT.DLL NOT FOUND
205 22.82669830 tnnd.exe:888 CreateKey HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E} SUCCESS Access: 0xF003F
206 22.82674217 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
207 22.82832718 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
208 22.82837296 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "480079489666F5446C5830BB12AD1DADA2956EFF34DD725E0B7E1B5B20D64217C726085FF066F0746B7020A59E674B4DAB2E49"
209 22.82999420 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
210 22.83002472 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
211 22.83105850 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "480079489666F5446C5830BB12AD1DADA2956EFF34DD725E0B7E1B5B20D64217C726085FF066F0746B7020A59E674B4DAB2E49"
212 22.83677483 tnnd.exe:888 SetValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "3C7BEA5106996073703F910A58CDD04AC690A29BA03C08E843F94DF70E80D851113596A9222BD911613885BABE72F899F13566"
213 22.84033966 tnnd.exe:888 CloseKey HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E} SUCCESS
214 34.17007446 tnnd.exe:888 CreateKey HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E} SUCCESS Access: 0xF003F
215 34.17011261 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
216 34.17013931 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
217 34.17017365 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "3C7BEA5106996073703F910A58CDD04AC690A29BA03C08E843F94DF70E80D851113596A9222BD911613885BABE72F899F13566"
218 34.17020416 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
219 34.17023087 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
220 34.17026138 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "3C7BEA5106996073703F910A58CDD04AC690A29BA03C08E843F94DF70E80D851113596A9222BD911613885BABE72F899F13566"
221 34.17483139 tnnd.exe:888 SetValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "0840DEAD2F4FC31B61BEB638A775B37EEC3060577C47C3A2F135386C33DF22273350A0F563BA773681834F7A4C70B7C025B57E"
222 34.17583847 tnnd.exe:888 CloseKey HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E} SUCCESS
223 34.17665482 tnnd.exe:888 CloseKey HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS
224 34.17845154 tnnd.exe:888 CloseKey HKCR\CLSID SUCCESS
225 34.17870712 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer SUCCESS
226 34.18266296 tnnd.exe:888 CloseKey HKLM SUCCESS
227 34.18316269 tnnd.exe:888 CloseKey HKCU SUCCESS
228 34.18365860 tnnd.exe:888 CloseKey HKCU SUCCESS
229 34.18368912 tnnd.exe:888 CloseKey HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder SUCCESS
This is the filemon.log from after the usage count ran out
153 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\INDICDLL.dll SUCCESS Length: 11536
154 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\INDICDLL.dll SUCCESS
155 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\INDICDLL.dll SUCCESS Options: Open Access: All
156 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\INDICDLL.dll SUCCESS Attributes: A
157 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\INDICDLL.dll SUCCESS
158 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\INDICDLL.dll SUCCESS Options: Open Access: Execute
159 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\INDICDLL.dll SUCCESS
160 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\INDICDLL.dll SUCCESS FileNameInformation
161 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\INDICDLL.dll SUCCESS Options: Open Access: All
162 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\V22005312.EPE SUCCESS Options: Open Access: All
163 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\V22005312.EPE SUCCESS Attributes: A
164 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\V22005312.EPE SUCCESS
165 23:33:42 tnnd.exe:888 OPEN D:\WINNT\FONTS\SERIFE.FON SUCCESS Options: Open Access: All
166 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\FONTS\SERIFE.FON SUCCESS Length: 57936
167 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\FONTS\SERIFE.FON SUCCESS Attributes: H
168 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\FONTS\SERIFE.FON SUCCESS FileFsAttributeInformation
169 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\FONTS\SERIFE.FON SUCCESS Length: 57936
170 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\FONTS\SERIFE.FON SUCCESS
171 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WSOCK32.DLL FILE NOT FOUND Options: Open Access: All
172 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WSOCK32.DLL FILE NOT FOUND Options: Open Access: All
173 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WSOCK32.DLL SUCCESS Options: Open Access: All
174 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\WSOCK32.DLL SUCCESS Attributes: A
175 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WSOCK32.DLL SUCCESS
176 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WSOCK32.DLL SUCCESS Options: Open Access: Execute
177 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WSOCK32.DLL SUCCESS
178 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\WSOCK32.DLL SUCCESS FileNameInformation
179 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\WSOCK32.DLL SUCCESS Options: Open Access: All
180 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WS2_32.DLL FILE NOT FOUND Options: Open Access: All
181 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WS2_32.DLL FILE NOT FOUND Options: Open Access: All
182 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WS2_32.DLL SUCCESS Options: Open Access: All
183 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\WS2_32.DLL SUCCESS Attributes: A
184 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WS2_32.DLL SUCCESS
185 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WS2_32.DLL SUCCESS Options: Open Access: Execute
186 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WS2_32.DLL SUCCESS
187 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\WS2_32.DLL SUCCESS FileNameInformation
188 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\WS2_32.DLL SUCCESS Options: Open Access: All
189 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WS2HELP.DLL FILE NOT FOUND Options: Open Access: All
190 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WS2HELP.DLL FILE NOT FOUND Options: Open Access: All
191 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WS2HELP.DLL SUCCESS Options: Open Access: All
192 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\WS2HELP.DLL SUCCESS Attributes: A
193 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WS2HELP.DLL SUCCESS
194 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\WS2HELP.DLL SUCCESS Options: Open Access: Execute
195 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\WS2HELP.DLL SUCCESS
196 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\WS2HELP.DLL SUCCESS FileNameInformation
197 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\WS2HELP.DLL SUCCESS Options: Open Access: All
198 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS Options: Open Access: All
199 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS Attributes: A
200 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS
201 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS Options: Open Access: Execute
202 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS
203 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\WEBPOST.DLL SUCCESS FileNameInformation
204 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\W FILE NOT FOUND Options: Open Access: All
205 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS Options: Open Access: All
206 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS Attributes: A
207 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS
208 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS Options: Open Access: Execute
209 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS
210 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\PIParse.dll SUCCESS FileNameInformation
211 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\P FILE NOT FOUND Options: Open Access: All
212 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\wininet.dll SUCCESS FileNameInformation
213 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\wininet.dll SUCCESS Options: Open Access: All
214 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\CRYPT32.dll SUCCESS FileNameInformation
215 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\CRYPT32.dll SUCCESS Options: Open Access: All
216 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MSASN1.DLL SUCCESS FileNameInformation
217 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\MSASN1.DLL SUCCESS Options: Open Access: All
218 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\MFC42.DLL FILE NOT FOUND Options: Open Access: All
219 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\MFC42.DLL FILE NOT FOUND Options: Open Access: All
220 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42.DLL SUCCESS Options: Open Access: All
221 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MFC42.DLL SUCCESS Attributes: A
222 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42.DLL SUCCESS
223 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42.DLL SUCCESS Options: Open Access: Execute
224 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42.DLL SUCCESS
225 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MFC42.DLL SUCCESS FileNameInformation
226 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\MFC42.DLL SUCCESS Options: Open Access: All
227 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42LOC.DLL SUCCESS Options: Open Access: All
228 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MFC42LOC.DLL SUCCESS Attributes: A
229 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42LOC.DLL SUCCESS
230 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42LOC.DLL SUCCESS Options: Open Access: Execute
231 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MFC42LOC.DLL SUCCESS Length: 53248
232 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42LOC.DLL SUCCESS
233 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42LOC.DLL SUCCESS Options: Open Access: All
234 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MFC42LOC.DLL SUCCESS Attributes: A
235 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42LOC.DLL SUCCESS
236 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MFC42LOC.DLL SUCCESS Options: Open Access: Execute
237 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MFC42LOC.DLL SUCCESS
238 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MFC42LOC.DLL SUCCESS FileNameInformation
239 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\MFC42LOC.DLL SUCCESS Options: Open Access: All
240 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\MSVCIRT.DLL FILE NOT FOUND Options: Open Access: All
241 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\MSVCIRT.DLL FILE NOT FOUND Options: Open Access: All
242 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MSVCIRT.DLL SUCCESS Options: Open Access: All
243 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\system32\MSVCIRT.DLL SUCCESS Attributes: A
244 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MSVCIRT.DLL SUCCESS
245 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\MSVCIRT.DLL SUCCESS Options: Open Access: Execute
246 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\MSVCIRT.DLL SUCCESS
247 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\WINNT\System32\MSVCIRT.DLL SUCCESS FileNameInformation
248 23:33:42 tnnd.exe:888 OPEN D:\WINNT\System32\MSVCIRT.DLL SUCCESS Options: Open Access: All
249 23:33:42 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS Options: Open Access: All
250 23:33:42 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS Attributes: A
251 23:33:42 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS
252 23:33:42 tnnd.exe:888 OPEN D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Options: Open Access: All
253 23:33:42 tnnd.exe:888 READ D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Offset: 0 Length: 128
254 23:33:42 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
255 23:33:42 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
256 23:33:42 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
257 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS
258 23:33:42 tnnd.exe:888 CREATE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Options: OverwriteIf Access: All
259 23:33:42 tnnd.exe:888 WRITE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Offset: 0 Length: 104
260 23:33:42 tnnd.exe:888 CLOSE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS
261 23:33:53 tnnd.exe:888 OPEN D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS Options: Open Access: All
262 23:33:53 tnnd.exe:888 QUERY INFORMATION D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS Attributes: A
263 23:33:53 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹\tnnd.exe SUCCESS
264 23:33:53 tnnd.exe:888 OPEN D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Options: Open Access: All
265 23:33:53 tnnd.exe:888 READ D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Offset: 0 Length: 128
266 23:33:53 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 4096
267 23:33:53 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 4096
268 23:33:53 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
269 23:33:53 tnnd.exe:888 SET INFORMATION D:\WINNT\System32\Config\SOFTWARE.LOG SUCCESS Length: 8192
270 23:33:53 tnnd.exe:888 CLOSE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS
271 23:33:53 tnnd.exe:888 CREATE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Options: OverwriteIf Access: All
272 23:33:53 tnnd.exe:888 WRITE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS Offset: 0 Length: 104
273 23:33:53 tnnd.exe:888 CLOSE D:\WINNT\system32\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS
274 23:33:53 tnnd.exe:888 CLOSE D:\Program Files\新建文件夹\新建文件夹 SUCCESS
This is the regmon.log captured after the usage count was used up
1 22.30058670 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
2 22.30061913 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
3 22.30098152 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
4 22.30253601 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
5 22.30357361 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
6 22.30390167 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOT FOUND
7 22.30423546 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
8 22.30728722 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Access: 0x20019
9 22.30761909 tnnd.exe:972 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack SUCCESS 0x0
10 22.30764961 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
11 22.30798531 tnnd.exe:972 OpenKey HKLM SUCCESS Access: 0x2000000
12 22.30827332 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOT FOUND
13 22.30942154 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOT FOUND
14 22.30991364 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Access: 0x20019
15 22.30994415 tnnd.exe:972 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\FlyonNet NOT FOUND
16 22.31027222 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
17 22.31057549 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2 SUCCESS Access: 0x20019
18 22.31061745 tnnd.exe:972 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2\FlyonNet0.0 NOT FOUND
19 22.31093407 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2 SUCCESS
20 22.31123734 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Access: 0x20019
21 22.31126404 tnnd.exe:972 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility\FlyonNet NOT FOUND
22 22.31157684 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS
23 22.31172371 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\tnnd.exe NOT FOUND
24 22.31206894 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Access: 0x20019
25 22.31209564 tnnd.exe:972 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SUCCESS ""
26 22.31237602 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
27 22.31333923 tnnd.exe:972 OpenKey HKCU SUCCESS Access: 0x2000000
28 22.31337357 tnnd.exe:972 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x20019
29 22.31366158 tnnd.exe:972 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOT FOUND
30 22.31397438 tnnd.exe:972 CloseKey HKCU\Control Panel\Desktop SUCCESS
31 22.31423187 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
32 22.31456757 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\AdditionalBaseNamedObjectsProtectionMode NOT FOUND
33 22.31484604 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
34 22.31491470 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Access: 0x20019
35 22.31523323 tnnd.exe:972 QueryValue HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap NOT FOUND
36 22.31551170 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS
37 22.31554604 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Access: 0x20019
38 22.31585693 tnnd.exe:972 QueryValue HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate NOT FOUND
39 22.31617737 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS
40 22.31631279 tnnd.exe:972 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x1
41 22.31660652 tnnd.exe:972 QueryValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS B0 4C C9 79 27 14 2B C0 ...
42 22.31701851 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
43 22.31748009 tnnd.exe:972 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
44 22.31769943 tnnd.exe:972 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 3F BD 07 74 5A B9 B6 8F ...
45 22.31798744 tnnd.exe:972 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
46 22.31836510 tnnd.exe:972 OpenKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x20019
47 22.31839371 tnnd.exe:972 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout SUCCESS 0x278D00
48 22.31871796 tnnd.exe:972 CloseKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS
49 22.31909370 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
50 22.31940269 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra NOT FOUND
51 22.31960106 tnnd.exe:972 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
52 22.32016563 tnnd.exe:972 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance NOT FOUND
53 22.32054138 tnnd.exe:972 OpenKey HKCU SUCCESS Access: 0x2000000
54 22.32056999 tnnd.exe:972 QueryKey HKCU SUCCESS Name: \REGISTRY\User\S-1-5-21-1292428093-884357618-682003330-1000_Classes
55 22.32059479 tnnd.exe:972 OpenKey HKCU\CLSID NOT FOUND
56 22.32092285 tnnd.exe:972 OpenKey HKCR\CLSID SUCCESS Access: 0x2000000
57 22.32126808 tnnd.exe:972 CreateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer SUCCESS Access: 0x2000000
58 22.32162285 tnnd.exe:972 OpenKey HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder SUCCESS Access: 0x20019
59 22.33537865 tnnd.exe:972 OpenKey HKCU\Software\Borland\Locales NOT FOUND
60 22.33541107 tnnd.exe:972 OpenKey HKLM\Software\Borland\Locales NOT FOUND
61 22.33569908 tnnd.exe:972 OpenKey HKCU\Software\Borland\Delphi\Locales NOT FOUND
62 22.33824158 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804 SUCCESS Access: 0x20019
63 22.33827591 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804\layout text SUCCESS "中文 (简体) - 微软拼音"
64 22.33860397 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804\layout text SUCCESS "中文 (简体) - 微软拼音"
65 22.33864594 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804 SUCCESS
66 22.33895683 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804 SUCCESS Access: 0x20019
67 22.33927536 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804\layout text SUCCESS "中文 (简体) - 全拼"
68 22.33930206 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804\layout text SUCCESS "中文 (简体) - 全拼"
69 22.33958817 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804 SUCCESS
70 22.33993912 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804 SUCCESS Access: 0x20019
71 22.33996773 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804\layout text SUCCESS "中文 (简体) - 郑码"
72 22.34029198 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804\layout text SUCCESS "中文 (简体) - 郑码"
73 22.34031868 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804 SUCCESS
74 22.34062386 tnnd.exe:972 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804 SUCCESS Access: 0x20019
75 22.34094238 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804\layout text SUCCESS "中文 (简体) - 智能 ABC"
76 22.34096909 tnnd.exe:972 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804\layout text SUCCESS "中文 (简体) - 智能 ABC"
77 22.34125519 tnnd.exe:972 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804 SUCCESS
78 22.35739708 tnnd.exe:972 CloseKey HKCR\CLSID SUCCESS
79 22.35832405 tnnd.exe:972 CloseKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer SUCCESS
80 22.35973167 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
81 22.35973930 tnnd.exe:972 CloseKey HKLM SUCCESS
82 22.35976982 tnnd.exe:972 CloseKey HKCU SUCCESS
83 22.35979080 tnnd.exe:972 CloseKey HKCU SUCCESS
84 22.35981941 tnnd.exe:972 CloseKey HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder SUCCESS
85 22.36090279 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
86 22.36106491 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
87 22.36210060 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe NOT FOUND
88 22.36214828 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernel32.dll NOT FOUND
89 22.36340714 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
90 22.36343575 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOT FOUND
91 22.36376190 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
92 22.37094307 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RPCRT4.DLL NOT FOUND
93 22.37130356 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advapi32.dll NOT FOUND
94 22.37138367 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Access: 0x20019
95 22.37171173 tnnd.exe:888 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack SUCCESS 0x0
96 22.37174225 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
97 22.37204552 tnnd.exe:888 OpenKey HKLM SUCCESS Access: 0x2000000
98 22.37236214 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOT FOUND
99 22.37239838 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USER32.DLL NOT FOUND
100 22.37400627 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMM32.DLL NOT FOUND
101 22.37439156 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOT FOUND
102 22.37484169 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Access: 0x20019
103 22.37487793 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\FlyonNet NOT FOUND
104 22.37519264 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
105 22.37549782 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2 SUCCESS Access: 0x20019
106 22.37553978 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2\FlyonNet0.0 NOT FOUND
107 22.37585258 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility2 SUCCESS
108 22.37619400 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Access: 0x20019
109 22.37622261 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility\FlyonNet NOT FOUND
110 22.37649918 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS
111 22.37663841 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager\AppCompatibility\tnnd.exe NOT FOUND
112 22.37697220 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Access: 0x20019
113 22.37699699 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SUCCESS ""
114 22.37727928 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
115 22.37785912 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\comctl32.dll NOT FOUND
116 22.37830925 tnnd.exe:888 OpenKey HKCU SUCCESS Access: 0x2000000
117 22.37864876 tnnd.exe:888 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x20019
118 22.37867737 tnnd.exe:888 QueryValue HKCU\Control Panel\Desktop\SmoothScroll NOT FOUND
119 22.37898254 tnnd.exe:888 CloseKey HKCU\Control Panel\Desktop SUCCESS
120 22.37918472 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ole32.dll NOT FOUND
121 22.37971687 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
122 22.38000488 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\AdditionalBaseNamedObjectsProtectionMode NOT FOUND
123 22.38002968 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
124 22.38038254 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Access: 0x20019
125 22.38070488 tnnd.exe:888 QueryValue HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorUseSystemHeap NOT FOUND
126 22.38072777 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS
127 22.38101387 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS Access: 0x20019
128 22.38132286 tnnd.exe:888 QueryValue HKLM\SOFTWARE\Microsoft\OLE\PageAllocatorSystemHeapIsPrivate NOT FOUND
129 22.38134384 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\OLE SUCCESS
130 22.38174057 tnnd.exe:888 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x1
131 22.38224220 tnnd.exe:888 QueryValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 3F BD 07 74 5A B9 B6 8F ...
132 22.38226700 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
133 22.38273430 tnnd.exe:888 CreateKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS Access: 0x2
134 22.38304329 tnnd.exe:888 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS 6C 24 07 89 ED 4A 2E 8B ...
135 22.38335609 tnnd.exe:888 CloseKey HKLM\SOFTWARE\Microsoft\Cryptography\RNG SUCCESS
136 22.38344002 tnnd.exe:888 OpenKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x20019
137 22.38372803 tnnd.exe:888 QueryValue HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout SUCCESS 0x278D00
138 22.38404465 tnnd.exe:888 CloseKey HKLM\SYSTEM\CurrentControlSet\Control\Session Manager SUCCESS
139 22.38410378 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oleaut32.dll NOT FOUND
140 22.38453484 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
141 22.38490486 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT\UserEra NOT FOUND
142 22.38514900 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\OLEAUT NOT FOUND
143 22.38544083 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcrt.dll NOT FOUND
144 22.38578796 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SHLWAPI.DLL NOT FOUND
145 22.38614845 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance NOT FOUND
146 22.38619995 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shell32.dll NOT FOUND
147 22.38658524 tnnd.exe:888 OpenKey HKCU SUCCESS Access: 0x2000000
148 22.38662338 tnnd.exe:888 QueryKey HKCU SUCCESS Name: \REGISTRY\User\S-1-5-21-1292428093-884357618-682003330-1000_Classes
149 22.38665199 tnnd.exe:888 OpenKey HKCU\CLSID NOT FOUND
150 22.38697624 tnnd.exe:888 OpenKey HKCR\CLSID SUCCESS Access: 0x2000000
151 22.38732147 tnnd.exe:888 CreateKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer SUCCESS Access: 0x2000000
152 22.38738823 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LZ32.DLL NOT FOUND
153 22.38768387 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\version.dll NOT FOUND
154 22.38772964 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPR.DLL NOT FOUND
155 22.38808250 tnnd.exe:888 OpenKey HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder SUCCESS Access: 0x20019
156 22.38815498 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winspool.drv NOT FOUND
157 22.38822365 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\V22005312.EPE NOT FOUND
158 22.40257454 tnnd.exe:888 OpenKey HKCU\Software\Borland\Locales NOT FOUND
159 22.40300751 tnnd.exe:888 OpenKey HKLM\Software\Borland\Locales NOT FOUND
160 22.40303612 tnnd.exe:888 OpenKey HKCU\Software\Borland\Delphi\Locales NOT FOUND
161 22.40614700 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804 SUCCESS Access: 0x20019
162 22.40618515 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804\layout text SUCCESS "中文 (简体) - 微软拼音"
163 22.40647507 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804\layout text SUCCESS "中文 (简体) - 微软拼音"
164 22.40681648 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E00E0804 SUCCESS
165 22.40687943 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804 SUCCESS Access: 0x20019
166 22.40716743 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804\layout text SUCCESS "中文 (简体) - 全拼"
167 22.40719795 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804\layout text SUCCESS "中文 (简体) - 全拼"
168 22.40751839 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0010804 SUCCESS
169 22.40786934 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804 SUCCESS Access: 0x20019
170 22.40790367 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804\layout text SUCCESS "中文 (简体) - 郑码"
171 22.40818977 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804\layout text SUCCESS "中文 (简体) - 郑码"
172 22.40851212 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0030804 SUCCESS
173 22.40856361 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804 SUCCESS Access: 0x20019
174 22.40884972 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804\layout text SUCCESS "中文 (简体) - 智能 ABC"
175 22.40888023 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804\layout text SUCCESS "中文 (简体) - 智能 ABC"
176 22.40920258 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\Keyboard Layouts\E0040804 SUCCESS
177 22.42635727 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\INDICDLL.dll NOT FOUND
178 22.42776871 tnnd.exe:888 OpenKey HKCU SUCCESS Access: 0x2000000
179 22.42780495 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT FOUND
180 22.42814636 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Rpc\RobustMode NOT FOUND
181 22.42850494 tnnd.exe:888 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
182 22.42883492 tnnd.exe:888 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
183 22.42884636 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Rpc SUCCESS Access: 0x20019
184 22.42886734 tnnd.exe:888 QueryValue HKLM\Software\Microsoft\Rpc\MaxRpcSize NOT FOUND
185 22.42915154 tnnd.exe:888 CloseKey HKCU\Control Panel\Desktop SUCCESS
186 22.42946053 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Rpc SUCCESS
187 22.42976189 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnnd.exe\RpcThreadPoolThrottle NOT FOUND
188 22.42976952 tnnd.exe:888 CloseKey HKCU SUCCESS
189 22.43729019 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS Access: 0x20019
190 22.43733025 tnnd.exe:888 OpenKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS Access: 0x20019
191 22.43764877 tnnd.exe:888 QueryValue HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName\ComputerName SUCCESS "RICHARD"
192 22.43812561 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName SUCCESS
193 22.43815422 tnnd.exe:888 CloseKey HKLM\System\CurrentControlSet\Control\ComputerName SUCCESS
194 22.67318726 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2HELP.DLL NOT FOUND
195 22.67323494 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WS2_32.DLL NOT FOUND
196 22.68136787 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASN1.DLL NOT FOUND
197 22.68297768 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CRYPT32.dll NOT FOUND
198 22.68451309 tnnd.exe:888 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1 NOT FOUND
199 22.68542671 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WININET.dll NOT FOUND
200 22.68727684 tnnd.exe:888 CreateKey HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS Access: 0x2001F
201 22.68891525 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PIParse.dll NOT FOUND
202 22.68899536 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBPOST.DLL NOT FOUND
203 22.69174194 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MFC42.DLL NOT FOUND
204 22.81789207 tnnd.exe:888 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSVCIRT.DLL NOT FOUND
205 22.82669830 tnnd.exe:888 CreateKey HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E} SUCCESS Access: 0xF003F
206 22.82674217 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
207 22.82832718 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
208 22.82837296 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "480079489666F5446C5830BB12AD1DADA2956EFF34DD725E0B7E1B5B20D64217C726085FF066F0746B7020A59E674B4DAB2E49"
209 22.82999420 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
210 22.83002472 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
211 22.83105850 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "480079489666F5446C5830BB12AD1DADA2956EFF34DD725E0B7E1B5B20D64217C726085FF066F0746B7020A59E674B4DAB2E49"
212 22.83677483 tnnd.exe:888 SetValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "3C7BEA5106996073703F910A58CDD04AC690A29BA03C08E843F94DF70E80D851113596A9222BD911613885BABE72F899F13566"
213 22.84033966 tnnd.exe:888 CloseKey HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E} SUCCESS
214 34.17007446 tnnd.exe:888 CreateKey HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E} SUCCESS Access: 0xF003F
215 34.17011261 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
216 34.17013931 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
217 34.17017365 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "3C7BEA5106996073703F910A58CDD04AC690A29BA03C08E843F94DF70E80D851113596A9222BD911613885BABE72F899F13566"
218 34.17020416 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
219 34.17023087 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} BUFFER OVERFLOW
220 34.17026138 tnnd.exe:888 QueryValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "3C7BEA5106996073703F910A58CDD04AC690A29BA03C08E843F94DF70E80D851113596A9222BD911613885BABE72F899F13566"
221 34.17483139 tnnd.exe:888 SetValue HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E}\{BD6FB8EE-F14B-45FB-95C7-E9CD92199D3A} SUCCESS "0840DEAD2F4FC31B61BEB638A775B37EEC3060577C47C3A2F135386C33DF22273350A0F563BA773681834F7A4C70B7C025B57E"
222 34.17583847 tnnd.exe:888 CloseKey HKLM\Software\{FCADC8A0-FEB7-4185-9F52-C5141DE0312E} SUCCESS
223 34.17665482 tnnd.exe:888 CloseKey HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings SUCCESS
224 34.17845154 tnnd.exe:888 CloseKey HKCR\CLSID SUCCESS
225 34.17870712 tnnd.exe:888 CloseKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer SUCCESS
226 34.18266296 tnnd.exe:888 CloseKey HKLM SUCCESS
227 34.18316269 tnnd.exe:888 CloseKey HKCU SUCCESS
228 34.18365860 tnnd.exe:888 CloseKey HKCU SUCCESS
229 34.18368912 tnnd.exe:888 CloseKey HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder SUCCESS