Notes
Basics of dynamic analysis. This part does not yet involve reading disassembly; the idea is to run the program and use monitoring tools to record what it does while it runs.
Running the sample in a sandbox and reading the report already gives part of the picture.
First, run the malware inside a virtual machine:
- If the sample is a DLL, it can be executed with
  rundll32.exe DLLName, ExportFun
- If it is a service DLL, run the install function it exports; if it has none, install the service by hand with
  sc
  or by editing the registry
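A small planner for the procedure above, added here as an example (it is my own code, not from the original notes or from any tool mentioned): given a DLL's export list it picks the install export for rundll32, and when there is no installer but a ServiceMain it emits the sc and reg commands that register the DLL as an svchost-hosted service. The export names installA / uninstallA / UninstallService / ServiceMain and the service name IPRIP are taken from the Lab 3-2 write-up further down; the default service name SampleSvc and the netsvcs group are assumptions. Commands are only executed when explicitly asked, so the planner can be exercised outside the analysis VM.

```python
"""Decide how to run a DLL sample: rundll32 for an install export, sc + reg otherwise."""
import subprocess
from typing import List, Optional, Sequence

SVCHOST = r"%SystemRoot%\System32\svchost.exe"
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"


def pick_install_export(exports: Sequence[str]) -> Optional[str]:
    """First export that looks like an installer; uninstall-style names are skipped."""
    for name in exports:
        low = name.lower()
        if "install" in low and not low.startswith("uninstall"):
            return name
    return None


def plan_launch(dll_path: str, exports: Sequence[str],
                service_name: str = "SampleSvc", group: str = "netsvcs") -> List[List[str]]:
    """argv lists, in order, that would get the DLL running on the analysis VM."""
    export = pick_install_export(exports)
    if export is not None:
        # The DLL installs itself: rundll32.exe <dll>,<export>
        return [["rundll32.exe", f"{dll_path},{export}"]]
    if "ServiceMain" in exports:
        # Service DLL without an installer: register it by hand. sc.exe needs the
        # space after every "option=" token; an svchost-hosted DLL is named in
        # Parameters\ServiceDll, and the service name must already be in the
        # group's list under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
        # (IPRIP is, which is why Lab 3-2 reuses it; adding a name is not done here).
        params = SERVICES_KEY + "\\" + service_name + r"\Parameters"
        return [
            ["sc", "create", service_name, "binPath=", f"{SVCHOST} -k {group}",
             "type=", "share", "start=", "demand"],
            ["reg", "add", params, "/v", "ServiceDll", "/t", "REG_EXPAND_SZ",
             "/d", dll_path, "/f"],
            ["sc", "start", service_name],
        ]
    # Anything else: rundll32 loads the DLL and runs DllMain even when the export
    # does not exist, so a bogus name still shows what DllMain does.
    export = exports[0] if exports else "NoSuchExport"
    return [["rundll32.exe", f"{dll_path},{export}"]]


def render(cmd: List[str]) -> str:
    """Quote arguments with spaces the way they would be typed at cmd.exe."""
    return " ".join(f'"{a}"' if " " in a else a for a in cmd)


def run_plan(plan: List[List[str]], really_run: bool = False) -> List[str]:
    """Print each command; execute it only when asked (and only inside an isolated VM)."""
    lines = [render(cmd) for cmd in plan]
    for cmd, text in zip(plan, lines):
        print(text)
        if really_run:
            subprocess.run(cmd, check=False)
    return lines


if __name__ == "__main__":
    # Export names as in the Lab 3-2 write-up below (list constructed for the demo).
    run_plan(plan_launch("Lab03-02.dll", ["installA", "uninstallA", "UninstallService", "ServiceMain"]))
    run_plan(plan_launch(r"C:\samples\svc.dll", ["ServiceMain"], service_name="IPRIP"))
```

The third branch matters more than it looks: DllMain runs as soon as rundll32 maps the DLL, so a sample with no usable export still reveals its DllMain behaviour under the monitor.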
Then monitor everything the running program does:
- Process monitoring: Process Monitor records registry, file system, network, process and thread activity; with filters you get to the events you care about much faster
- Process viewing: Process Explorer, a much more capable Task Manager; it lists the active processes, the DLLs each one has loaded, process properties and overall system information
  - It has a Verify function that checks whether an image file carries a valid Microsoft signature
  - It can show the strings in the on-disk image and in the process memory, so the two can be compared to tell whether the process has been replaced
  - It can launch depends.exe; comparing the DLLs present in the process with the DLLs in the file's import table shows whether a DLL has been injected
  - It is also useful for malicious documents: if the document launches another process, this tool shows it
- Registry snapshot comparison: Regshot; take a snapshot, run the program, take a second snapshot, and diff the two to see which registry entries changed
- Traffic analysis, to observe network behaviour:
  - DNS request viewer: ApateDNS shows DNS requests and answers them with a fake response pointing at an IP of your choice (the tool is old; I don't know whether there is a newer one)
  - Netcat: needs no introduction
  - Wireshark: indispensable. WinXP build download: https://2.na.dl.wireshark.org/win32/all-versions/Wireshark-win32-1.10.14.exe
  - Network service emulation: INetSim, a Linux tool that runs in a Linux VM and fakes common network services; it is built specifically for malware analysis, looks very much like a real service and returns plausible responses. A more recent tool of the same kind is FakeNet (now maintained as FakeNet-NG)
Homework
Tool setup:
- A Linux VM with INetSim configured
- Monitoring: Huorong Sword (HRSword) + procexp
- PE: exeinfope + CFF + ResourceHacker + Strings
- Network: Network Monitor + ncat
Lab 3-1
Use basic dynamic analysis techniques to analyze lab03-01.exe
Questions
1. Find this malware's imports and strings
2. What are the malware's host-based indicators?
3. Are there any useful network-based signatures for this malware? If so, what are they?
1. Find this malware's imports and strings
First check for a packer with PEiD: the file is packed.
The import table shows only one imported DLL.
With PEview more of the dynamic-link libraries can be seen.
==> Mine doesn't show that! It is also fairly simple:
ws2_32.dll is a networking library: it is the Windows Sockets API used by Internet and network applications,
which indicates the program has network functionality.
Analysis in IDA
2. What are the malware's host-based indicators?
Next, dynamic analysis.
Run Lab03-01.exe.
Start Process Monitor to watch it.
Malware usually modifies the registry and writes files, so filter on the operations RegSetValue and WriteFile.
From the fourth entry onward every entry is a write to HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed. That value is updated by the Windows CryptoAPI whenever a process draws random numbers from it, so these entries are background noise rather than behaviour specific to this sample.
Open the properties of the second entry: the program writes 7,168 bytes to C:\WINDOWS\system32\vmx32to64.exe.
The malware sample is itself exactly 7,168 bytes, so we suspect that it copies itself to C:\WINDOWS\system32\vmx32to64.exe.
To verify that, compare the MD5 hashes of the two files.
The hashes match: vmx32to64.exe is a copy of the malware under a disguised name.
Now the third entry; open its properties.
A new value named VideoDriver is created under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run; entries in the Run key are executed at logon, so vmx32to64.exe will start automatically with the system.
Start PC Hunter: when looking at the handles of the Lab03-01.exe process we find that it created a mutex named WinVMX32. ==> with Process Explorer, see:
The mutex is visible!
And, of course, PC Hunter's view:
In the process's module list the ws2_32.dll found earlier is loaded, used to make network connections.
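The Process Monitor triage just described, as an added example (my own code, not part of the notes and not a Process Monitor feature): it reads a Procmon CSV export, drops the RNG\Seed noise, flags WriteFile events whose length equals the sample's size as a possible self-copy to be confirmed with a hash, flags RegSetValue events under Run / RunOnce / Services as persistence, and provides the MD5 comparison. The CSV rows are constructed to mirror the Lab 3-1 events above (process name, PID and timestamps are made up); the column names are the ones Procmon writes when saving as CSV.

```python
"""Triage a Process Monitor CSV export for the host-based indicators described above."""
import csv
import hashlib
import io
import re
from typing import Dict, List

# Constructed rows modelled on the Lab 3-1 events (PIDs and timestamps are made up);
# the column names are the ones Procmon writes with File > Save... > CSV.
SAMPLE_CSV = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:12:01.0001","Lab03-01.exe","1780","CreateFile","C:\\WINDOWS\\system32\\vmx32to64.exe","SUCCESS","Desired Access: Generic Write"
"9:12:01.0002","Lab03-01.exe","1780","WriteFile","C:\\WINDOWS\\system32\\vmx32to64.exe","SUCCESS","Offset: 0, Length: 7,168"
"9:12:01.0003","Lab03-01.exe","1780","RegSetValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VideoDriver","SUCCESS","Type: REG_SZ, Length: 78, Data: C:\\WINDOWS\\system32\\vmx32to64.exe"
"9:12:01.0004","Lab03-01.exe","1780","RegSetValue","HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed","SUCCESS","Type: REG_BINARY, Length: 80, Data: B1 0B C6 75"
"9:12:01.0005","Lab03-01.exe","1780","RegSetValue","HKLM\\SOFTWARE\\Microsoft\\Cryptography\\RNG\\Seed","SUCCESS","Type: REG_BINARY, Length: 80, Data: 7A 12 4E D5"
"9:12:01.0006","explorer.exe","1288","RegQueryValue","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips","NAME NOT FOUND","Length: 144"
'''

# CryptoAPI reseeds this value from any process that uses it: filter it out first.
NOISE_SUFFIXES = ("\\Cryptography\\RNG\\Seed",)
# Registry locations that make code run again later (compared case-insensitively).
PERSISTENCE_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\",
                       "\\currentcontrolset\\services\\")


def triage_procmon(csv_text: str, sample_name: str, sample_size: int) -> Dict[str, object]:
    """Return the sample's file drops and persistence writes, plus how much noise was skipped."""
    dropped_files: List[str] = []
    persistence: List[str] = []
    noise = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != sample_name.lower():
            continue                                  # some other process's activity
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        if path.endswith(NOISE_SUFFIXES):
            noise += 1
            continue
        if op == "WriteFile":
            m = re.search(r"Length: ([\d,]+)", detail)   # Procmon prints "Length: 7,168"
            length = int(m.group(1).replace(",", "")) if m else -1
            note = ""
            if length == sample_size:
                note = " (same size as the sample: possible self-copy, confirm with MD5)"
            dropped_files.append(f"{path} {length} bytes{note}")
        elif op == "RegSetValue" and any(k in path.lower() for k in PERSISTENCE_MARKERS):
            persistence.append(f"{path} = {detail.split('Data: ', 1)[-1]}")
    return {"dropped_files": dropped_files, "persistence": persistence, "noise_dropped": noise}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def same_content(path_a: str, path_b: str) -> bool:
    """True when both files hash identically, e.g. the sample and its dropped copy."""
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        return md5_hex(fa.read()) == md5_hex(fb.read())


if __name__ == "__main__":
    for key, value in triage_procmon(SAMPLE_CSV, "Lab03-01.exe", 7168).items():
        print(key, value)
```

Filtering on the process name is enough for a standalone executable; for the service DLL in Lab 3-2, where the host is one of several svchost.exe instances, pass the host's PID instead.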
3. Are there any useful network-based signatures for this malware? If so, what are they?
Capture traffic with Wireshark.
Wireshark 1.10.6 is the last version that supports XP and it is hard to find; I hadn't found it yet, so for this step I switched the VM to Windows 10. Great, the program wouldn't even run there.
I went looking again for an XP-compatible Wireshark build and found one after all.
Never mind how the techniques are coming along, the tools are piling up...
DNS shows a query for www.practicalmalwareanalysis.com. That can serve as the network signature.
The network traffic I captured myself (with services emulated by INetSim):
Lab 3-2
Target file: Lab3-2.dll
- How can you get this malware to install itself?
Packer check: not packed.
This is a DLL and cannot be run directly; look at the import table:
From kernel32 it imports functions for getting directories, resolving function addresses at run time, creating pipes, creating processes and creating threads; from ADVAPI32.dll it imports registry and service-control functions; it also loads the Windows networking library. So the file probably has network behaviour and is a service program.
Export table:
The DLL ships with its own install and uninstall functions, so it can be installed through rundll32.exe.
- ==> The export table as I see it!
- Next the strings (only the useful ones are listed):
Y29ubmVjdA== // base64 of "connect"
practicalmalwareanalysis.com // domain
serve.html // URI
dW5zdXBwb3J0 //unsupport
c2xlZXA= //sleep
Y21k //cmd
cXVpdA== //quit
Windows XP 6.11
.exe
HTTP/1.1
%s %s
1234567890123456
quit
exit
getfile
cmd.exe /c
%SystemRoot%\System32\svchost.exe -k
SYSTEM\CurrentControlSet\Services\ // registry path of the service
CreateService(%s) error %d
Intranet Network Awareness (INA+)
%SystemRoot%\System32\svchost.exe -k netsvcs
OpenSCManager()
You specify service name not in Svchost//netsvcs, must be one of following:
RegQueryValueEx(Svchost\netsvcs)
netsvcs
RegOpenKeyEx(%s) KEY_QUERY_VALUE success.
RegOpenKeyEx(%s) KEY_QUERY_VALUE error .
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
IPRIP // service name
uninstall success
OpenService(%s) error 2
OpenService(%s) error 1
uninstall is starting
.?AVtype_info@@
The strings show that there will be registry operations and that cmd.exe will be launched to create processes.
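An added helper for the strings step (my own code, not from the notes): it walks a strings listing, keeps the tokens that are syntactically valid base64 and decode to printable ASCII, and returns them with their plaintext. The STRINGS list is a subset of the listing above. Decoding everything that merely looks like base64 produces garbage (the 16-digit string and the plain words quit and exit are valid base64 but decode to control or high bytes), which is why the printable check is the real filter; decoded words that also appear in clear text, like quit, are good candidates for the backdoor's command vocabulary.

```python
"""Find base64-encoded words in a strings listing and show their plaintext."""
import base64
import binascii
import re
from typing import Dict, Iterable, Set

# A subset of the Lab03-02.dll strings listed above.
STRINGS = [
    "Y29ubmVjdA==", "practicalmalwareanalysis.com", "serve.html", "dW5zdXBwb3J0",
    "c2xlZXA=", "Y21k", "cXVpdA==", "Windows XP 6.11", "HTTP/1.1", "%s %s",
    "1234567890123456", "quit", "exit", "getfile", "cmd.exe /c", "netsvcs", "IPRIP",
]

B64_TOKEN = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def decode_base64_candidates(strings: Iterable[str], min_len: int = 4) -> Dict[str, str]:
    """Map each string that is valid base64 AND decodes to printable ASCII to its plaintext."""
    found: Dict[str, str] = {}
    for s in strings:
        if len(s) < min_len or len(s) % 4 or not B64_TOKEN.match(s):
            continue                                   # wrong alphabet or length
        try:
            raw = base64.b64decode(s, validate=True)
        except (binascii.Error, ValueError):
            continue                                   # bad padding
        # "quit", "exit" and the 16-digit string are syntactically base64 but decode
        # to control/high bytes; only printable results are worth reporting.
        if raw and all(0x20 <= b < 0x7F for b in raw):
            found[s] = raw.decode("ascii")
    return found


def command_words(strings: Iterable[str]) -> Set[str]:
    """Decoded words that also appear in clear text are likely protocol commands."""
    items = list(strings)
    decoded = decode_base64_candidates(items)
    clear = set(items)
    return {word for word in decoded.values() if word in clear}


if __name__ == "__main__":
    for token, text in decode_base64_candidates(STRINGS).items():
        print(f"{token:16} -> {text}")
    print("also present in clear text:", command_words(STRINGS))
```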
Next, install the DLL:
>rundll32.exe Lab03-02.dll,installA
Activity recorded by Huorong Sword:
It writes a set of values under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPRIP, which registers the DLL as a service; in Huorong Sword it shows up as:
- Once it is installed, how can you get the malware to run?
Start the service from Huorong Sword (net start IPRIP from a command prompt does the same).
- How can you find the process this malware is running in?
The DLL runs as a service, so some process must have it loaded; search for the DLL name in procexp (Find > Find Handle or DLL) to see which process that is. Because the ImagePath is svchost.exe -k netsvcs, it will be one of the shared svchost.exe instances:
- What filters could you set in procmon to gather information about this malware?
Filter on the process ID of that svchost.exe rather than on the process name, since several svchost.exe instances are running (shown here in Huorong Sword):
- What are the host-based indicators of this malware?
An IPRIP service appears in the service list, and the registry gains these entries:
- Are there any useful network-based signatures for this malware?
After the service starts, the malware sends a DNS query for practicalmalwareanalysis.com followed by an HTTP request (the strings serve.html and HTTP/1.1 show what to look for):
Lab 3-3
Target file: lab03-03.exe
The import table shows resource-extraction APIs, ReadProcessMemory/WriteProcessMemory, GetCommandLineA, WriteFile and so on.
- What do you notice when monitoring with Process Explorer?
It was too fast to screenshot: once lab03-03 starts it creates a child svchost.exe and then exits, leaving the child behind (an orphaned svchost.exe is a red flag!)
- Can you identify any live memory modifications?
Monitoring the process with Huorong Sword shows the following for lab03-03: it runs c:\windows\system32\svchost.exe as a child process, then reads the child's memory, changes page protections and writes into the child's memory from outside. In effect it runs its own code inside the svchost.exe shell; svchost becomes a puppet process (process replacement, i.e. process hollowing):
Huorong Sword's complete log (the bracketed status text is the localized Windows message, 操作成功完成 = "The operation completed successfully"; 桌面 in the path is the user's Desktop folder):
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, FILE_read, C:\WINDOWS\system32\svchost.exe, offset:0x00000000 datalen:0x00003800 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:0, 1460, PROC_exec, C:\WINDOWS\system32\svchost.exe, target_pid:2300 cmdline:'"C:\WINDOWS\system32\svchost.exe"' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_readvm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x7FFDE008 bytes_read:0x00000004 datalen:0x00000004 data:'00 00 00 01 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00400000 count:0x00001000 attrib:0x00000040 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00400000 count:0x00001000 attrib:0x00000040 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_writevm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00400000 bytes_written:0x00001000 datalen:0x00001000 data:'4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, BA_invade_process, C:\WINDOWS\system32\svchost.exe, target_pid:2300 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00401000 count:0x00003000 attrib:0x00000040 bytes_changed:0x00003000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00401000 count:0x00003000 attrib:0x00000040 bytes_changed:0x00003000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_writevm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00401000 bytes_written:0x00003000 datalen:0x00003000 data:'55 8B EC 83 EC 08 C7 45 FC 00 00 00 00 FF 15 04 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00404000 count:0x00001000 attrib:0x00000040 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00404000 count:0x00001000 attrib:0x00000040 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_writevm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00404000 bytes_written:0x00001000 datalen:0x00001000 data:'30 45 00 00 44 45 00 00 54 45 00 00 62 45 00 00 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00405000 count:0x00001000 attrib:0x00000040 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00405000 count:0x00001000 attrib:0x00000040 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_writevm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00405000 bytes_written:0x00001000 datalen:0x00001000 data:'00 00 00 00 00 00 00 00 00 00 00 00 D8 29 40 00 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x7FFDE000 count:0x00000004 attrib:0x00000040 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x7FFDE000 count:0x00001000 attrib:0x00000004 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_writevm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x7FFDE008 bytes_written:0x00000004 datalen:0x00000004 data:'00 00 40 00 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, THRD_setctxt, C:\WINDOWS\system32\svchost.exe, target_pid:2300 target_tid:3732 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, THRD_resume, C:\WINDOWS\system32\svchost.exe, target_pid:2300 target_tid:3732 , 0x00000000 [操作成功完成。 ],
20:53:53:953, Lab03-03.exe, 1460:0, 1460, EXEC_destroy, C:\Documents and Settings\Administrator\桌面\Lab03-03.exe, parent_pid:1288 cmdline:'"C:\Documents and Settings\Administrator\桌面\Lab03-03.exe" ' , 0x00000000 [操作成功完成。 ],
This is exactly the pattern of process injection, and the log lets us read it step by step: the child is created with PROC_exec; a 4-byte read at 0x7FFDE008 returns 00 00 00 01 (0x01000000, svchost's own image base; on 32-bit Windows that address is the ImageBaseAddress field at PEB+8); the pages at 0x00400000 are made PAGE_EXECUTE_READWRITE (attrib 0x40) and a new PE header is written there (4D 5A 90 00 is an MZ header), followed by the code section at 0x00401000 (55 8B EC is push ebp / mov ebp, esp) and the data sections at 0x00404000 and 0x00405000; the PEB field is then overwritten with 00 00 40 00 (0x00400000) so the child now points at the injected image, and finally THRD_setctxt and THRD_resume redirect the suspended main thread into it.
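A detector for the process-replacement sequence visible in that log, added as an example (my own code, not part of the notes or of Huorong Sword). The LOG constant is a subset of the lines above, copied verbatim. The detector does not hardcode the PEB address: it looks for a fresh MZ header written into the child, then for a 4-byte cross-process write whose little-endian value equals that base (on 32-bit Windows the PEB's ImageBaseAddress field sits at PEB+8, which is why 0x7FFDE008 shows up), then for SetThreadContext followed by ResumeThread. The field names target_pid, base, attrib, bytes_written and data are parsed from the log format exactly as it appears above.

```python
"""Spot process hollowing in a Huorong Sword (HRSword) behaviour log."""
import re
from typing import Dict, Optional

# Lines copied verbatim from the Lab 3-3 log above (a subset is enough).
LOG = r"""
20:53:52:953, Lab03-03.exe, 1460:0, 1460, PROC_exec, C:\WINDOWS\system32\svchost.exe, target_pid:2300 cmdline:'"C:\WINDOWS\system32\svchost.exe"' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_readvm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x7FFDE008 bytes_read:0x00000004 datalen:0x00000004 data:'00 00 00 01 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_pgprot, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00400000 count:0x00001000 attrib:0x00000040 bytes_changed:0x00001000 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_writevm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00400000 bytes_written:0x00001000 datalen:0x00001000 data:'4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_writevm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x00401000 bytes_written:0x00003000 datalen:0x00003000 data:'55 8B EC 83 EC 08 C7 45 FC 00 00 00 00 FF 15 04 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, PROC_writevm, C:\WINDOWS\system32\svchost.exe, target_pid:2300 base:0x7FFDE008 bytes_written:0x00000004 datalen:0x00000004 data:'00 00 40 00 ' , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, THRD_setctxt, C:\WINDOWS\system32\svchost.exe, target_pid:2300 target_tid:3732 , 0x00000000 [操作成功完成。 ],
20:53:52:953, Lab03-03.exe, 1460:1160, 1460, THRD_resume, C:\WINDOWS\system32\svchost.exe, target_pid:2300 target_tid:3732 , 0x00000000 [操作成功完成。 ],
"""

PAGE_EXECUTE_READWRITE = 0x40
FIELD = re.compile(r"(\w+):(0x[0-9A-Fa-f]+|\d+)")
DATA = re.compile(r"data:'([^']*)'")


def parse_line(line: str) -> Optional[dict]:
    """Split one log line into op, pid and the key:value fields of its detail part."""
    parts = line.split(", ", 5)
    if len(parts) < 6:
        return None
    _time, _image, _pid_tid, pid, op, rest = parts
    fields = {k: int(v, 0) for k, v in FIELD.findall(rest)}
    m = DATA.search(rest)
    fields["data"] = m.group(1).strip() if m else ""
    fields["op"], fields["pid"] = op, int(pid)
    return fields


def _le32(hexbytes: str) -> int:
    """'00 00 40 00' as written by the tool -> 0x00400000."""
    return int.from_bytes(bytes.fromhex(hexbytes.replace(" ", "")), "little")


def detect_hollowing(log_text: str) -> Dict[int, dict]:
    """Per target pid: was a new image written, the PEB repointed at it, and the thread resumed?"""
    state: Dict[int, dict] = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or "target_pid" not in f:
            continue
        s = state.setdefault(f["target_pid"], {
            "exec": False, "rwx_pages": [], "image_base": None, "peb_field": None,
            "original_base": None, "setctxt": False, "resume": False, "reads": {}})
        op = f["op"]
        if op == "PROC_exec":
            s["exec"] = True
        elif op == "PROC_readvm" and f.get("bytes_read") == 4:
            s["reads"][f["base"]] = _le32(f["data"])   # remember what the field held
        elif op == "PROC_pgprot" and f.get("attrib") == PAGE_EXECUTE_READWRITE:
            s["rwx_pages"].append(f["base"])
        elif op == "PROC_writevm":
            if f["data"].startswith("4D 5A"):           # a fresh MZ header: new PE image
                s["image_base"] = f["base"]
            elif f.get("bytes_written") == 4 and s["image_base"] is not None \
                    and _le32(f["data"]) == s["image_base"]:
                s["peb_field"] = f["base"]              # PEB.ImageBaseAddress repointed
                s["original_base"] = s["reads"].get(f["base"])
        elif op == "THRD_setctxt":
            s["setctxt"] = True
        elif op == "THRD_resume":
            s["resume"] = True
    for s in state.values():
        s["hollowed"] = bool(s["exec"] and s["image_base"] is not None
                             and s["peb_field"] is not None and s["setctxt"] and s["resume"])
    return state


if __name__ == "__main__":
    for pid, s in detect_hollowing(LOG).items():
        print(pid, "hollowed" if s["hollowed"] else "clean", hex(s["image_base"] or 0))
```

Requiring all four stages (new image, PEB patch, context change, resume) keeps debuggers and legitimate loaders, which do some of these individually, from tripping the verdict.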
- What are the host-based indicators of this malware?
When keys are pressed, new activity shows up in Huorong Sword: a log file is written in the same directory to record the keystrokes
Opening it shows:
which keys were pressed in which window
- What is the purpose of this malware?
Process hollowing plus a keylogger
Lab 3-4
Target file: lab03-04.exe
- What happens when you run this file?
The program flashes up and disappears, and the PE file itself disappears as well!!!
- What is causing the dynamic analysis to fail?
Search the strings:
There is a delete command, HTTP strings and a URL, so the program probably tries to make an HTTP connection; but when its run conditions are not met it self-destructs instead. Huorong Sword observed:
- Is there another way to run this program?
Dynamic debugging might work, but I haven't learned that yet; I'll come back to it later.
Log from Huorong Sword (this excerpt only covers process start-up: registry reads made by the loader and the shell, DLL opens and CryptoAPI RNG\Seed writes; the self-delete command itself is not among the lines captured here. Bracketed text is the localized Windows status as before, 拒绝访问 = "Access is denied"):
21:13:20:656, Lab03-04.exe, 2476:0, 2476, EXEC_create, C:\Documents and Settings\Administrator\桌面\Lab03-04.exe, parent_pid:1288 cmdline:'"C:\Documents and Settings\Administrator\桌面\Lab03-04.exe" ' image_base:0x00400000 image_size:0x00011000 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\TSAppCompat, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\TSAppCompat, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\TSAppCompat, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\imm32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\imm32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\imm32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility32\Lab03-04, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IME Compatibility\Lab03-04, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\lpk.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\usp10.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop\MultiUILanguageId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\shell32.dll, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop\MultiUILanguageId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WindowsShell.Manifest, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WindowsShell.Manifest, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WindowsShell.Manifest, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop\SmoothScroll, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SURROGATE, type:0x00000004 datalen:4 data:'02 00 00 00 ' , 0xC0000022 [拒绝访问。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop\MultiUILanguageId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\comctl32.dll, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop\MultiUILanguageId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop\SmoothScroll, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'B1 0B C6 75 79 9E 20 E1 11 CA 70 3E 58 07 3A DA ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\RWLockResourceTimeOut, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\InterfaceHelperDisableAll, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\InterfaceHelperDisableAllForOle32, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\InterfaceHelperDisableTypeLib, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\InterfaceHelperDisableAll, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\InterfaceHelperDisableAllForOle32, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\rpcss.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'7A 12 4E D5 EF 99 75 7C CE 12 1E E8 CD F0 5E AC ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'26 96 C5 01 DB E6 09 39 FF 5A 8B A7 7C 4F 92 54 ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'AE B6 24 18 D4 40 3E 06 B7 F2 5E A2 83 C7 52 4D ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'BE 62 DB 28 FA 3E A4 54 A2 27 FB C5 05 8F 37 3A ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'11 1E E3 0F 3C 74 B0 47 A6 9A CD 79 40 74 A8 F6 ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'98 07 8C 13 77 C3 C1 D7 4D 93 DC 95 33 3D 7F 75 ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'7F EF 1C 05 B8 30 F8 45 BE A2 0A EE 0C 78 2E CE ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\uxtheme.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\uxtheme.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\ThemeManager, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\ThemeManager\Compositing, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop\LameButtonText, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\MSCTF.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\MSCTF.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared\CUAS, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Keyboard Layout\Toggle, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Keyboard Layout\Toggle\Language Hotkey, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Keyboard Layout\Toggle\Language Hotkey, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Keyboard Layout\Toggle\Layout Hotkey, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Keyboard Layout\Toggle\Layout Hotkey, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Control Panel\Desktop\MultiUILanguageId, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MaximizeApps, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\MaxRpcSize, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName\ActiveComputerName, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\Lab03-04.exe, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT\*, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\InprocServer32\, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\Flags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, access:0x02000000 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cache, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, access:0x02000000 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache, type:0x00000001 datalen:160 data:'43 3A 5C 44 6F 63 75 6D 65 6E 74 73 20 61 6E 64 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, access:0x02000000 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Cookies, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, access:0x02000000 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies, type:0x00000001 datalen:96 data:'43 3A 5C 44 6F 63 75 6D 65 6E 74 73 20 61 6E 64 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32\, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\setupapi.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\WPA\PnP, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\WPA\PnP\seed, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\OsLoaderPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\OsLoaderPath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SYSTEM\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemPartition, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackSourcePath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ServicePackCachePath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\DriverCachePath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\DriverCachePath, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ItemData, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\HashAlg, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ItemSize, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\SaferFlags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ItemData, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\HashAlg, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ItemSize, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\SaferFlags, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\LogFileName, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, FILE_read, C:\WINDOWS\system32\cmd.exe, offset:0x00000000 datalen:0x00073000 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, PROC_exec, C:\WINDOWS\system32\cmd.exe, target_pid:216 cmdline:'"C:\WINDOWS\system32\cmd.exe" /c del C:\DOCUME~1\ADMINI~1\桌面\Lab03-04.exe >> NUL' , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, THRD_resume, C:\WINDOWS\system32\cmd.exe, target_pid:216 target_tid:1908 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_openkey, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize, access:0x000F003F , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, EXEC_destroy, C:\Documents and Settings\Administrator\桌面\Lab03-04.exe, parent_pid:1288 cmdline:'"C:\Documents and Settings\Administrator\桌面\Lab03-04.exe" ' , 0x00000000 [操作成功完成。 ],
That is clearly far too much to read, so filter out the registry reads and look again:
21:13:20:656, Lab03-04.exe, 2476:0, 2476, EXEC_create, C:\Documents and Settings\Administrator\桌面\Lab03-04.exe, parent_pid:1288 cmdline:'"C:\Documents and Settings\Administrator\桌面\Lab03-04.exe" ' image_base:0x00400000 image_size:0x00011000 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\imm32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\imm32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\imm32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\lpk.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\usp10.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\shell32.dll, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WindowsShell.Manifest, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WindowsShell.Manifest, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\WindowsShell.Manifest, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\comctl32.dll, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'B1 0B C6 75 79 9E 20 E1 11 CA 70 3E 58 07 3A DA ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\rpcss.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'7A 12 4E D5 EF 99 75 7C CE 12 1E E8 CD F0 5E AC ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'26 96 C5 01 DB E6 09 39 FF 5A 8B A7 7C 4F 92 54 ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'AE B6 24 18 D4 40 3E 06 B7 F2 5E A2 83 C7 52 4D ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'BE 62 DB 28 FA 3E A4 54 A2 27 FB C5 05 8F 37 3A ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'11 1E E3 0F 3C 74 B0 47 A6 9A CD 79 40 74 A8 F6 ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'98 07 8C 13 77 C3 C1 D7 4D 93 DC 95 33 3D 7F 75 ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'7F EF 1C 05 B8 30 F8 45 BE A2 0A EE 0C 78 2E CE ' , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\uxtheme.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\uxtheme.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\MSCTF.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\MSCTF.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\shdocvw.dll, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\clbcatq.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\comres.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\Registration\R000000000007.clb, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:3456, 2476, FILE_read, C:\WINDOWS\Registration\R000000000007.clb, offset:0x00000000 datalen:0x000056F8 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\shdocvw.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\shdocvw.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\wininet.dll, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\riched20.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:687, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\shdocvw.dll, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\urlmon.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\urlmon.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\urlmon.dll, access:0x001200A9 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache, type:0x00000001 datalen:160 data:'43 3A 5C 44 6F 63 75 6D 65 6E 74 73 20 61 6E 64 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies, type:0x00000001 datalen:96 data:'43 3A 5C 44 6F 63 75 6D 65 6E 74 73 20 61 6E 64 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\setupapi.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48462451-41bf-11ed-ac96-806d6172696f}\BaseClass, type:0x00000001 datalen:12 data:'44 72 69 76 65 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4846244f-41bf-11ed-ac96-806d6172696f}\BaseClass, type:0x00000001 datalen:12 data:'44 72 69 76 65 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4846244e-41bf-11ed-ac96-806d6172696f}\BaseClass, type:0x00000001 datalen:12 data:'44 72 69 76 65 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\cmd.exe, access:0x00120189 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, FILE_read, C:\WINDOWS\system32\cmd.exe, offset:0x00000000 datalen:0x00000040 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\cmd.exe, access:0x001000A1 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\AppPatch\sysmain.sdb, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000001 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\cmd.exe, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\cmd.exe, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\cmd.exe, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\cmd.exe, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, FILE_read, C:\WINDOWS\system32\cmd.exe, offset:0x00000000 datalen:0x00073000 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, PROC_exec, C:\WINDOWS\system32\cmd.exe, target_pid:216 cmdline:'"C:\WINDOWS\system32\cmd.exe" /c del C:\DOCUME~1\ADMINI~1\桌面\Lab03-04.exe >> NUL' , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, THRD_resume, C:\WINDOWS\system32\cmd.exe, target_pid:216 target_tid:1908 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, EXEC_destroy, C:\Documents and Settings\Administrator\桌面\Lab03-04.exe, parent_pid:1288 cmdline:'"C:\Documents and Settings\Administrator\桌面\Lab03-04.exe" ' , 0x00000000 [操作成功完成。 ],
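Even the filtered export is still mostly loader noise: FILE_open of system DLLs, repeated writes to RNG\Seed (CryptoAPI reseeds that value whenever the process asks for random bytes), and shell/zone-map defaults. The one line that matters is the PROC_exec of cmd.exe with `/c del ...\Lab03-04.exe`, immediately followed by EXEC_destroy: the sample spawns a shell to delete its own image. The script below is an added example, not part of the original post or the 火绒剑 tool. It parses the export layout shown above (time, image, pid:tid, pid, operation, target, details, status, one event per line), drops the noise, and flags the self-delete pattern. The sample lines are copied from the log above; the field layout and the noise lists are my assumptions about this export, not something the tool documents.

```python
"""Triage a 火绒剑 (Huorong Sword) process-monitor export.

Added example, not part of the original post.  Assumes the comma-separated
layout seen in the log: time, image, pid:tid, pid, op, target, details, status.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Operations that dominate the raw export but rarely matter for first-pass triage.
NOISE_OPS = {"REG_openkey", "REG_getval", "FILE_open", "FILE_read"}
# Values the OS writes on the process's behalf: CryptoAPI reseeds RNG\Seed
# every time the process requests random bytes, so these writes say nothing
# about the sample's own behaviour.
NOISE_VALUES = (r"\Microsoft\Cryptography\RNG\Seed",)

# Constructed sample: lines copied verbatim from the export above.
SAMPLE_LOG = r"""
21:13:20:656, Lab03-04.exe, 2476:0, 2476, EXEC_create, C:\Documents and Settings\Administrator\桌面\Lab03-04.exe, parent_pid:1288 cmdline:'"C:\Documents and Settings\Administrator\桌面\Lab03-04.exe" ' image_base:0x00400000 image_size:0x00011000 , 0x00000000 [操作成功完成。 ],
21:13:20:656, Lab03-04.exe, 2476:0, 2476, FILE_open, C:\WINDOWS\system32\imm32.dll, access:0x00100020 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
21:13:20:671, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed, type:0x00000003 datalen:80 data:'B1 0B C6 75 79 9E 20 E1 11 CA 70 3E 58 07 3A DA ' , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, REG_getval, HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\DefaultLevel, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
21:13:20:703, Lab03-04.exe, 2476:3456, 2476, REG_setval, HKEY_USERS\S-1-5-21-1993962763-1383384898-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass, type:0x00000004 datalen:4 data:'01 00 00 00 ' , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, FILE_read, C:\WINDOWS\system32\cmd.exe, offset:0x00000000 datalen:0x00073000 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, PROC_exec, C:\WINDOWS\system32\cmd.exe, target_pid:216 cmdline:'"C:\WINDOWS\system32\cmd.exe" /c del C:\DOCUME~1\ADMINI~1\桌面\Lab03-04.exe >> NUL' , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:3456, 2476, THRD_resume, C:\WINDOWS\system32\cmd.exe, target_pid:216 target_tid:1908 , 0x00000000 [操作成功完成。 ],
21:13:20:718, Lab03-04.exe, 2476:0, 2476, EXEC_destroy, C:\Documents and Settings\Administrator\桌面\Lab03-04.exe, parent_pid:1288 cmdline:'"C:\Documents and Settings\Administrator\桌面\Lab03-04.exe" ' , 0x00000000 [操作成功完成。 ],
"""


@dataclass
class Event:
    time: str
    image: str
    pid: int
    tid: int
    op: str
    target: str
    detail: str
    status: str


def parse_line(line: str):
    """Parse one export line into an Event; return None for non-event lines."""
    line = line.strip().rstrip(",")
    # The details and status fields never contain ", " in this layout, so a
    # bounded split on the separator yields exactly eight fields.
    parts = line.split(", ", 7)
    if len(parts) != 8 or ":" not in parts[2]:
        return None
    pid, tid = parts[2].split(":", 1)
    return Event(parts[0], parts[1], int(pid), int(tid),
                 parts[4], parts[5], parts[6], parts[7])


def parse_log(text: str):
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def interesting(events):
    """Drop read-only file/registry events and OS-generated value writes."""
    return [e for e in events
            if e.op not in NOISE_OPS
            and not any(e.target.endswith(v) for v in NOISE_VALUES)]


def op_counts(events):
    """Operation histogram, handy for a quick 'what did it actually do'."""
    return Counter(e.op for e in events)


_CMDLINE = re.compile(r"cmdline:'(.*)'")
_DEL = re.compile(r"\bdel\s+(\S+)", re.IGNORECASE)


def self_delete(events):
    """Return (child cmdline, deleted path) when the sample spawns a shell
    that deletes its own image, as in the log above; otherwise None."""
    own_images = {e.target.rsplit("\\", 1)[-1].lower()
                  for e in events if e.op == "EXEC_create"}
    for e in events:
        if e.op != "PROC_exec":
            continue
        m = _CMDLINE.search(e.detail)
        if not m:
            continue
        d = _DEL.search(m.group(1))
        if d and d.group(1).rsplit("\\", 1)[-1].lower() in own_images:
            return m.group(1), d.group(1)
    return None


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for e in interesting(evts):
        print(f"{e.time} {e.pid}:{e.tid} {e.op:12} {e.target}")
    print("op counts:", dict(op_counts(interesting(evts))))
    print("self-delete:", self_delete(evts))
```

To run it over a real export, replace SAMPLE_LOG with the file contents read in whatever encoding the tool saved it in. The self-delete check deliberately keys on the EXEC_create image name rather than a fixed path, so it still fires when the sample is run from a different directory or via an 8.3 short path as in the log above.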
From: https://blog.51cto.com/u_11908275/6941783