| 1 |
root@honey3:~/honeyclient# perl -Ilib bin/StartManager.pl --url_list /home/honeyusr/urls.txt |
|---|
| 2 |
Starting new session... |
|---|
| 3 |
Subroutine LWP::UserAgent::redirect_ok redefined at /usr/local/share/perl/5.8.8/SOAP/Transport/HTTP.pm line 41, <URL> line 17741. |
|---|
| 4 |
Subroutine LWP::Protocol::collect redefined at /usr/local/share/perl/5.8.8/SOAP/Transport/HTTP.pm line 59, <URL> line 17741. |
|---|
| 5 |
2008-03-21 20:54:13 INFO [HoneyClient::Manager::VM::init] (lib/HoneyClient/Manager/VM.pm:757) - Initializing VM daemon at PID: 5674 |
|---|
| 6 |
2008-03-21 20:54:13 INFO [HoneyClient::Manager::VM::Clone::new] (lib/HoneyClient/Manager/VM/Clone.pm:885) - Setting VM (/home/honeyusr/vm/master/master.vmx) as master. |
|---|
| 7 |
2008-03-21 20:54:26 INFO [HoneyClient::Manager::VM::Clone::_init] (lib/HoneyClient/Manager/VM/Clone.pm:580) - Quick cloning master VM (/home/honeyusr/vm/master/master.vmx). |
|---|
| 8 |
2008-03-21 20:55:33 INFO [HoneyClient::Manager::VM::Clone::_init] (lib/HoneyClient/Manager/VM/Clone.pm:649) - Initialized clone VM (07888a49c481c2757e48f6a01b) using IP (10.0.0.146) and MAC (00:0c:29:2d:bb:3e). |
|---|
| 9 |
2008-03-21 20:56:15 ERROR [HoneyClient::Manager::Database::_AUTOLOAD] (lib/HoneyClient/Manager/Database.pm:233) - Error: RPC communications failure. |
|---|
| 10 |
2008-03-21 20:56:15 WARN [HoneyClient::Manager::runSession] (lib/HoneyClient/Manager.pm:670) - Failure Inserting Client Object: |
|---|
| 11 |
Error: RPC communications failure. at lib/HoneyClient/Manager.pm line 962 |
|---|
| 12 |
VM State Table: |
|---|
| 13 |
$VAR1 = { |
|---|
| 14 |
'07888a49c481c2757e48f6a01b' => { |
|---|
| 15 |
'sources' => { |
|---|
| 16 |
'00:0c:29:2d:bb:3e' => { |
|---|
| 17 |
'10.0.0.146' => { |
|---|
| 18 |
'tcp' => [ |
|---|
| 19 |
80, |
|---|
| 20 |
443 |
|---|
| 21 |
] |
|---|
| 22 |
} |
|---|
| 23 |
} |
|---|
| 24 |
} |
|---|
| 25 |
} |
|---|
| 26 |
}; |
|---|
| 27 |
|
|---|
| 28 |
Cannot encode unnamed element as 'hash'. Will be encoded as 'map' instead |
|---|
| 29 |
Cannot encode 'sources' element as 'hash'. Will be encoded as 'map' instead |
|---|
| 30 |
Cannot encode 'value' element as 'hash'. Will be encoded as 'map' instead |
|---|
| 31 |
Calling updateState()... |
|---|
| 32 |
Calling getStatus()... |
|---|
| 33 |
Result: |
|---|
| 34 |
$VAR1 = { |
|---|
| 35 |
'links_remaining' => '17741', |
|---|
| 36 |
'is_running' => 0, |
|---|
| 37 |
'links_processed' => 0, |
|---|
| 38 |
'percent_complete' => '0.00%', |
|---|
| 39 |
'is_compromised' => 0, |
|---|
| 40 |
'relative_links_remaining' => 1, |
|---|
| 41 |
'links_total' => '17741' |
|---|
| 42 |
}; |
|---|
| 43 |
VM Integrity Check: OK! |
|---|
| 44 |
Cannot encode unnamed element as 'hash'. Will be encoded as 'map' instead |
|---|
| 45 |
Cannot encode 'sources' element as 'hash'. Will be encoded as 'map' instead |
|---|
| 46 |
Cannot encode 'value' element as 'hash'. Will be encoded as 'map' instead |
|---|
| 47 |
VM State Table: |
|---|
| 48 |
$VAR1 = { |
|---|
| 49 |
'07888a49c481c2757e48f6a01b' => { |
|---|
| 50 |
'targets' => { |
|---|
| 51 |
'000dom.revenuedirect.com' => { |
|---|
| 52 |
'tcp' => [ |
|---|
| 53 |
80 |
|---|
| 54 |
] |
|---|
| 55 |
} |
|---|
| 56 |
}, |
|---|
| 57 |
'sources' => { |
|---|
| 58 |
'00:0c:29:2d:bb:3e' => { |
|---|
| 59 |
'10.0.0.146' => { |
|---|
| 60 |
'tcp' => [ |
|---|
| 61 |
80, |
|---|
| 62 |
443 |
|---|
| 63 |
] |
|---|
| 64 |
} |
|---|
| 65 |
} |
|---|
| 66 |
} |
|---|
| 67 |
} |
|---|
| 68 |
}; |
|---|
| 69 |
|
|---|
| 70 |
Cannot encode unnamed element as 'hash'. Will be encoded as 'map' instead |
|---|
| 71 |
Cannot encode 'targets' element as 'hash'. Will be encoded as 'map' instead |
|---|
| 72 |
Cannot encode 'sources' element as 'hash'. Will be encoded as 'map' instead |
|---|
| 73 |
Cannot encode 'value' element as 'hash'. Will be encoded as 'map' instead |
|---|
| 74 |
Calling run()... |
|---|
| 75 |
Sleeping for 2s... |
|---|
| 76 |
Calling getStatus()... |
|---|
| 77 |
Result: |
|---|
| 78 |
$VAR1 = { |
|---|
| 79 |
'links_remaining' => '17741', |
|---|
| 80 |
'is_running' => 1, |
|---|
| 81 |
'links_processed' => 0, |
|---|
| 82 |
'percent_complete' => '0.00%', |
|---|
| 83 |
'is_compromised' => 0, |
|---|
| 84 |
'relative_links_remaining' => 1, |
|---|
| 85 |
'links_total' => '17741' |
|---|
| 86 |
}; |
|---|
| 87 |
Sleeping for 2s... |
|---|
| 88 |
Calling getStatus()... |
|---|
| 89 |
Result: |
|---|
| 90 |
$VAR1 = { |
|---|
| 91 |
'links_remaining' => '17741', |
|---|
| 92 |
'is_running' => 1, |
|---|
| 93 |
'links_processed' => 0, |
|---|
| 94 |
'percent_complete' => '0.00%', |
|---|
| 95 |
'is_compromised' => 0, |
|---|
| 96 |
'relative_links_remaining' => 1, |
|---|
| 97 |
'links_total' => '17741' |
|---|
| 98 |
}; |
|---|
| 99 |
Sleeping for 2s... |
|---|
| 100 |
Calling getStatus()... |
|---|
| 101 |
Result: |
|---|
| 102 |
$VAR1 = { |
|---|
| 103 |
'links_remaining' => '17741', |
|---|
| 104 |
'is_running' => 1, |
|---|
| 105 |
'links_processed' => 0, |
|---|
| 106 |
'percent_complete' => '0.00%', |
|---|
| 107 |
'is_compromised' => 0, |
|---|
| 108 |
'relative_links_remaining' => 1, |
|---|
| 109 |
'links_total' => '17741' |
|---|
| 110 |
}; |
|---|
| 111 |
Sleeping for 2s... |
|---|
| 112 |
Calling getStatus()... |
|---|
| 113 |
Result: |
|---|
| 114 |
$VAR1 = { |
|---|
| 115 |
'links_remaining' => '17741', |
|---|
| 116 |
'is_running' => 1, |
|---|
| 117 |
'links_processed' => 0, |
|---|
| 118 |
'percent_complete' => '0.00%', |
|---|
| 119 |
'is_compromised' => 0, |
|---|
| 120 |
'relative_links_remaining' => 1, |
|---|
| 121 |
'links_total' => '17741' |
|---|
| 122 |
}; |
|---|
| 123 |
Sleeping for 2s... |
|---|
| 124 |
Calling getStatus()... |
|---|
| 125 |
Result: |
|---|
| 126 |
$VAR1 = { |
|---|
| 127 |
'links_remaining' => '17741', |
|---|
| 128 |
'is_running' => 1, |
|---|
| 129 |
'links_processed' => 0, |
|---|
| 130 |
'percent_complete' => '0.00%', |
|---|
| 131 |
'is_compromised' => 0, |
|---|
| 132 |
'relative_links_remaining' => 1, |
|---|
| 133 |
'links_total' => '17741' |
|---|
| 134 |
}; |
|---|
| 135 |
Sleeping for 2s... |
|---|
| 136 |
Calling getStatus()... |
|---|
| 137 |
Result: |
|---|
| 138 |
$VAR1 = { |
|---|
| 139 |
'links_remaining' => '17741', |
|---|
| 140 |
'is_running' => 1, |
|---|
| 141 |
'links_processed' => 0, |
|---|
| 142 |
'percent_complete' => '0.00%', |
|---|
| 143 |
'is_compromised' => 0, |
|---|
| 144 |
'relative_links_remaining' => 1, |
|---|
| 145 |
'links_total' => '17741' |
|---|
| 146 |
}; |
|---|
| 147 |
Sleeping for 2s... |
|---|
| 148 |
Calling getStatus()... |
|---|
| 149 |
Result: |
|---|
| 150 |
$VAR1 = { |
|---|
| 151 |
'links_remaining' => '17741', |
|---|
| 152 |
'is_running' => 1, |
|---|
| 153 |
'links_processed' => 0, |
|---|
| 154 |
'percent_complete' => '0.00%', |
|---|
| 155 |
'is_compromised' => 0, |
|---|
| 156 |
'relative_links_remaining' => 1, |
|---|
| 157 |
'links_total' => '17741' |
|---|
| 158 |
}; |
|---|
| 159 |
Sleeping for 2s... |
|---|
| 160 |
Calling getStatus()... |
|---|
| 161 |
Result: |
|---|
| 162 |
$VAR1 = { |
|---|
| 163 |
'links_remaining' => '17741', |
|---|
| 164 |
'is_running' => 1, |
|---|
| 165 |
'links_processed' => 0, |
|---|
| 166 |
'percent_complete' => '0.00%', |
|---|
| 167 |
'is_compromised' => 0, |
|---|
| 168 |
'relative_links_remaining' => 1, |
|---|
| 169 |
'links_total' => '17741' |
|---|
| 170 |
}; |
|---|
| 171 |
Sleeping for 2s... |
|---|
| 172 |
Calling getStatus()... |
|---|
| 173 |
Result: |
|---|
| 174 |
$VAR1 = { |
|---|
| 175 |
'links_remaining' => '17741', |
|---|
| 176 |
'is_running' => 1, |
|---|
| 177 |
'links_processed' => 0, |
|---|
| 178 |
'percent_complete' => '0.00%', |
|---|
| 179 |
'is_compromised' => 0, |
|---|
| 180 |
'relative_links_remaining' => 1, |
|---|
| 181 |
'links_total' => '17741' |
|---|
| 182 |
}; |
|---|
| 183 |
Sleeping for 2s... |
|---|
| 184 |
Calling getStatus()... |
|---|
| 185 |
Result: |
|---|
| 186 |
$VAR1 = { |
|---|
| 187 |
'links_remaining' => '17741', |
|---|
| 188 |
'is_running' => 1, |
|---|
| 189 |
'links_processed' => 0, |
|---|
| 190 |
'percent_complete' => '0.00%', |
|---|
| 191 |
'is_compromised' => 0, |
|---|
| 192 |
'relative_links_remaining' => 1, |
|---|
| 193 |
'links_total' => '17741' |
|---|
| 194 |
}; |
|---|
| 195 |
Sleeping for 2s... |
|---|
| 196 |
Calling getStatus()... |
|---|
| 197 |
Result: |
|---|
| 198 |
$VAR1 = { |
|---|
| 199 |
'links_remaining' => '17740', |
|---|
| 200 |
'is_running' => 0, |
|---|
| 201 |
'links_processed' => 1, |
|---|
| 202 |
'percent_complete' => '0.01%', |
|---|
| 203 |
'is_compromised' => 1, |
|---|
| 204 |
'relative_links_remaining' => 1, |
|---|
| 205 |
'links_total' => '17741', |
|---|
| 206 |
'fingerprint' => { |
|---|
| 207 |
'last_resource' => 'http://000dom.revenuedirect.com/', |
|---|
| 208 |
'time_at' => '2008-03-21 20:56:12.593', |
|---|
| 209 |
'os_processes' => [ |
|---|
| 210 |
{ |
|---|
| 211 |
'pid' => '948', |
|---|
| 212 |
'regkeys' => [], |
|---|
| 213 |
'name' => 'C:\\Programme\\VMware\\VMware Tools\\VMwareService.exe', |
|---|
| 214 |
'process_files' => [ |
|---|
| 215 |
{ |
|---|
| 216 |
'name' => 'C:\\WINDOWS\\system32\\MsDtc\\MSDTC.LOG', |
|---|
| 217 |
'file_content' => { |
|---|
| 218 |
'sha1' => '4ff7fe298648b82917baa5966b310e2d4e6c841f', |
|---|
| 219 |
'md5' => '24d60e2c2d0291764e36b45b59cbfa10', |
|---|
| 220 |
'size' => '4194304', |
|---|
| 221 |
'mime_type' => 'application/octet-stream' |
|---|
| 222 |
}, |
|---|
| 223 |
'event' => 'Write', |
|---|
| 224 |
'time_at' => '2008-03-21 20:56:12.593' |
|---|
| 225 |
}, |
|---|
| 226 |
{ |
|---|
| 227 |
'name' => 'C:\\WINDOWS\\system32\\wbem\\Repository\\FS', |
|---|
| 228 |
'file_content' => { |
|---|
| 229 |
'sha1' => 'C:\\WINDOWS\\system32\\wbem\\Repository\\FS2008-03-21 20:56:12.609', |
|---|
| 230 |
'md5' => 'C:\\WINDOWS\\system32\\wbem\\Repository\\FS2008-03-21 20:56:12.609', |
|---|
| 231 |
'size' => -1, |
|---|
| 232 |
'mime_type' => 'UNKNOWN' |
|---|
| 233 |
}, |
|---|
| 234 |
'event' => 'Write', |
|---|
| 235 |
'time_at' => '2008-03-21 20:56:12.609' |
|---|
| 236 |
}, |
|---|
| 237 |
{ |
|---|
| 238 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator', |
|---|
| 239 |
'file_content' => { |
|---|
| 240 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator2008-03-21 20:56:12.625', |
|---|
| 241 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator2008-03-21 20:56:12.625', |
|---|
| 242 |
'size' => -1, |
|---|
| 243 |
'mime_type' => 'UNKNOWN' |
|---|
| 244 |
}, |
|---|
| 245 |
'event' => 'Write', |
|---|
| 246 |
'time_at' => '2008-03-21 20:56:12.625' |
|---|
| 247 |
}, |
|---|
| 248 |
{ |
|---|
| 249 |
'name' => 'C:\\cygwin\\lib\\perl5\\5.8\\cygwin\\auto\\Storable', |
|---|
| 250 |
'file_content' => { |
|---|
| 251 |
'sha1' => 'C:\\cygwin\\lib\\perl5\\5.8\\cygwin\\auto\\Storable2008-03-21 20:56:12.625', |
|---|
| 252 |
'md5' => 'C:\\cygwin\\lib\\perl5\\5.8\\cygwin\\auto\\Storable2008-03-21 20:56:12.625', |
|---|
| 253 |
'size' => -1, |
|---|
| 254 |
'mime_type' => 'UNKNOWN' |
|---|
| 255 |
}, |
|---|
| 256 |
'event' => 'Write', |
|---|
| 257 |
'time_at' => '2008-03-21 20:56:12.625' |
|---|
| 258 |
}, |
|---|
| 259 |
{ |
|---|
| 260 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\index.dat', |
|---|
| 261 |
'file_content' => { |
|---|
| 262 |
'sha1' => 'ed028bd1fd41b030dd4e33da70b276cf8f8e227e', |
|---|
| 263 |
'md5' => 'ef492f3b623a2cb4fe785277ec6eee73', |
|---|
| 264 |
'size' => '229376', |
|---|
| 265 |
'mime_type' => 'application/octet-stream' |
|---|
| 266 |
}, |
|---|
| 267 |
'event' => 'Write', |
|---|
| 268 |
'time_at' => '2008-03-21 20:56:42.703' |
|---|
| 269 |
}, |
|---|
| 270 |
{ |
|---|
| 271 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Verlauf\\History.IE5\\MSHist012008032120080322\\index.dat', |
|---|
| 272 |
'file_content' => { |
|---|
| 273 |
'sha1' => 'abd10a849bdf2e0a53418832128fb0316a9e8ad4', |
|---|
| 274 |
'md5' => 'dc70922c670ada4ccc3e7aa9e3ed4540', |
|---|
| 275 |
'size' => '32768', |
|---|
| 276 |
'mime_type' => 'application/octet-stream' |
|---|
| 277 |
}, |
|---|
| 278 |
'event' => 'Write', |
|---|
| 279 |
'time_at' => '2008-03-21 20:56:42.718' |
|---|
| 280 |
}, |
|---|
| 281 |
{ |
|---|
| 282 |
'name' => 'C:\\WINDOWS', |
|---|
| 283 |
'file_content' => { |
|---|
| 284 |
'sha1' => 'C:\\WINDOWS2008-03-21 20:56:42.734', |
|---|
| 285 |
'md5' => 'C:\\WINDOWS2008-03-21 20:56:42.734', |
|---|
| 286 |
'size' => -1, |
|---|
| 287 |
'mime_type' => 'UNKNOWN' |
|---|
| 288 |
}, |
|---|
| 289 |
'event' => 'Write', |
|---|
| 290 |
'time_at' => '2008-03-21 20:56:42.734' |
|---|
| 291 |
}, |
|---|
| 292 |
{ |
|---|
| 293 |
'name' => 'C:\\WINDOWS\\system32', |
|---|
| 294 |
'file_content' => { |
|---|
| 295 |
'sha1' => 'C:\\WINDOWS\\system322008-03-21 20:56:42.734', |
|---|
| 296 |
'md5' => 'C:\\WINDOWS\\system322008-03-21 20:56:42.734', |
|---|
| 297 |
'size' => -1, |
|---|
| 298 |
'mime_type' => 'UNKNOWN' |
|---|
| 299 |
}, |
|---|
| 300 |
'event' => 'Write', |
|---|
| 301 |
'time_at' => '2008-03-21 20:56:42.734' |
|---|
| 302 |
}, |
|---|
| 303 |
{ |
|---|
| 304 |
'name' => 'C:\\Programme', |
|---|
| 305 |
'file_content' => { |
|---|
| 306 |
'sha1' => 'C:\\Programme2008-03-21 20:56:42.765', |
|---|
| 307 |
'md5' => 'C:\\Programme2008-03-21 20:56:42.765', |
|---|
| 308 |
'size' => -1, |
|---|
| 309 |
'mime_type' => 'UNKNOWN' |
|---|
| 310 |
}, |
|---|
| 311 |
'event' => 'Write', |
|---|
| 312 |
'time_at' => '2008-03-21 20:56:42.765' |
|---|
| 313 |
}, |
|---|
| 314 |
{ |
|---|
| 315 |
'name' => 'C:\\Programme\\Messenger', |
|---|
| 316 |
'file_content' => { |
|---|
| 317 |
'sha1' => 'C:\\Programme\\Messenger2008-03-21 20:56:42.765', |
|---|
| 318 |
'md5' => 'C:\\Programme\\Messenger2008-03-21 20:56:42.765', |
|---|
| 319 |
'size' => -1, |
|---|
| 320 |
'mime_type' => 'UNKNOWN' |
|---|
| 321 |
}, |
|---|
| 322 |
'event' => 'Write', |
|---|
| 323 |
'time_at' => '2008-03-21 20:56:42.765' |
|---|
| 324 |
}, |
|---|
| 325 |
{ |
|---|
| 326 |
'name' => 'C:\\Programme\\Internet Explorer', |
|---|
| 327 |
'file_content' => { |
|---|
| 328 |
'sha1' => 'C:\\Programme\\Internet Explorer2008-03-21 20:56:42.765', |
|---|
| 329 |
'md5' => 'C:\\Programme\\Internet Explorer2008-03-21 20:56:42.765', |
|---|
| 330 |
'size' => -1, |
|---|
| 331 |
'mime_type' => 'UNKNOWN' |
|---|
| 332 |
}, |
|---|
| 333 |
'event' => 'Write', |
|---|
| 334 |
'time_at' => '2008-03-21 20:56:42.765' |
|---|
| 335 |
}, |
|---|
| 336 |
{ |
|---|
| 337 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator', |
|---|
| 338 |
'file_content' => { |
|---|
| 339 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator2008-03-21 20:56:42.781', |
|---|
| 340 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator2008-03-21 20:56:42.781', |
|---|
| 341 |
'size' => -1, |
|---|
| 342 |
'mime_type' => 'UNKNOWN' |
|---|
| 343 |
}, |
|---|
| 344 |
'event' => 'Write', |
|---|
| 345 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 346 |
}, |
|---|
| 347 |
{ |
|---|
| 348 |
'name' => 'C:\\Programme\\Firefox', |
|---|
| 349 |
'file_content' => { |
|---|
| 350 |
'sha1' => 'C:\\Programme\\Firefox2008-03-21 20:56:42.781', |
|---|
| 351 |
'md5' => 'C:\\Programme\\Firefox2008-03-21 20:56:42.781', |
|---|
| 352 |
'size' => -1, |
|---|
| 353 |
'mime_type' => 'UNKNOWN' |
|---|
| 354 |
}, |
|---|
| 355 |
'event' => 'Write', |
|---|
| 356 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 357 |
}, |
|---|
| 358 |
{ |
|---|
| 359 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen', |
|---|
| 360 |
'file_content' => { |
|---|
| 361 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen2008-03-21 20:56:42.781', |
|---|
| 362 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen2008-03-21 20:56:42.781', |
|---|
| 363 |
'size' => -1, |
|---|
| 364 |
'mime_type' => 'UNKNOWN' |
|---|
| 365 |
}, |
|---|
| 366 |
'event' => 'Write', |
|---|
| 367 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 368 |
}, |
|---|
| 369 |
{ |
|---|
| 370 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Verlauf\\History.IE5', |
|---|
| 371 |
'file_content' => { |
|---|
| 372 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Verlauf\\History.IE52008-03-21 20:56:42.781', |
|---|
| 373 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Verlauf\\History.IE52008-03-21 20:56:42.781', |
|---|
| 374 |
'size' => -1, |
|---|
| 375 |
'mime_type' => 'UNKNOWN' |
|---|
| 376 |
}, |
|---|
| 377 |
'event' => 'Write', |
|---|
| 378 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 379 |
}, |
|---|
| 380 |
{ |
|---|
| 381 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\S1GHOV2L', |
|---|
| 382 |
'file_content' => { |
|---|
| 383 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\S1GHOV2L2008-03-21 20:56:42.781', |
|---|
| 384 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\S1GHOV2L2008-03-21 20:56:42.781', |
|---|
| 385 |
'size' => -1, |
|---|
| 386 |
'mime_type' => 'UNKNOWN' |
|---|
| 387 |
}, |
|---|
| 388 |
'event' => 'Write', |
|---|
| 389 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 390 |
}, |
|---|
| 391 |
{ |
|---|
| 392 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\OFGADB3Q', |
|---|
| 393 |
'file_content' => { |
|---|
| 394 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\OFGADB3Q2008-03-21 20:56:42.781', |
|---|
| 395 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Temporary Internet Files\\Content.IE5\\OFGADB3Q2008-03-21 20:56:42.781', |
|---|
| 396 |
'size' => -1, |
|---|
| 397 |
'mime_type' => 'UNKNOWN' |
|---|
| 398 |
}, |
|---|
| 399 |
'event' => 'Write', |
|---|
| 400 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 401 |
}, |
|---|
| 402 |
{ |
|---|
| 403 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Anwendungsdaten', |
|---|
| 404 |
'file_content' => { |
|---|
| 405 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Anwendungsdaten2008-03-21 20:56:42.781', |
|---|
| 406 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator\\Lokale Einstellungen\\Anwendungsdaten2008-03-21 20:56:42.781', |
|---|
| 407 |
'size' => -1, |
|---|
| 408 |
'mime_type' => 'UNKNOWN' |
|---|
| 409 |
}, |
|---|
| 410 |
'event' => 'Write', |
|---|
| 411 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 412 |
}, |
|---|
| 413 |
{ |
|---|
| 414 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Cookies', |
|---|
| 415 |
'file_content' => { |
|---|
| 416 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator\\Cookies2008-03-21 20:56:42.781', |
|---|
| 417 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator\\Cookies2008-03-21 20:56:42.781', |
|---|
| 418 |
'size' => -1, |
|---|
| 419 |
'mime_type' => 'UNKNOWN' |
|---|
| 420 |
}, |
|---|
| 421 |
'event' => 'Write', |
|---|
| 422 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 423 |
}, |
|---|
| 424 |
{ |
|---|
| 425 |
'name' => 'C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\%USERPROFILE%\\Lokale Einstellungen\\Anwendungsdaten\\Microsoft\\Feeds Cache', |
|---|
| 426 |
'file_content' => { |
|---|
| 427 |
'sha1' => 'C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\%USERPROFILE%\\Lokale Einstellungen\\Anwendungsdaten\\Microsoft\\Feeds Cache2008-03-21 20:56:42.781', |
|---|
| 428 |
'md5' => 'C:\\Dokumente und Einstellungen\\Administrator\\Desktop\\%USERPROFILE%\\Lokale Einstellungen\\Anwendungsdaten\\Microsoft\\Feeds Cache2008-03-21 20:56:42.781', |
|---|
| 429 |
'size' => -1, |
|---|
| 430 |
'mime_type' => 'UNKNOWN' |
|---|
| 431 |
}, |
|---|
| 432 |
'event' => 'Write', |
|---|
| 433 |
'time_at' => '2008-03-21 20:56:42.781' |
|---|
| 434 |
}, |
|---|
| 435 |
{ |
|---|
| 436 |
'name' => 'C:\\cygwin\\lib\\perl5\\site_perl\\5.8\\DateTime\\TimeZone\\Europe', |
|---|
| 437 |
'file_content' => { |
|---|
| 438 |
'sha1' => 'C:\\cygwin\\lib\\perl5\\site_perl\\5.8\\DateTime\\TimeZone\\Europe2008-03-21 20:56:42.796', |
|---|
| 439 |
'md5' => 'C:\\cygwin\\lib\\perl5\\site_perl\\5.8\\DateTime\\TimeZone\\Europe2008-03-21 20:56:42.796', |
|---|
| 440 |
'size' => -1, |
|---|
| 441 |
'mime_type' => 'UNKNOWN' |
|---|
| 442 |
}, |
|---|
| 443 |
'event' => 'Write', |
|---|
| 444 |
'time_at' => '2008-03-21 20:56:42.796' |
|---|
| 445 |
} |
|---|
| 446 |
] |
|---|
| 447 |
}, |
|---|
| 448 |
{ |
|---|
| 449 |
'stopped' => '2008-03-21 20:56:47.625', |
|---|
| 450 |
'created' => '2008-03-21 20:56:27.453', |
|---|
| 451 |
'regkeys' => [ |
|---|
| 452 |
{ |
|---|
| 453 |
'value_type' => 'REG_DWORD', |
|---|
| 454 |
'value_name' => 'CompatibilityFlags', |
|---|
| 455 |
'value' => '0', |
|---|
| 456 |
'name' => 'HKCU\\Software\\Microsoft\\Internet Explorer\\Main', |
|---|
| 457 |
'time_at' => '2008-03-21 20:56:27.671', |
|---|
| 458 |
'event' => 'SetValueKey' |
|---|
| 459 |
}, |
|---|
| 460 |
{ |
|---|
| 461 |
'value_type' => 'REG_SZ', |
|---|
| 462 |
'value_name' => 'Desktop', |
|---|
| 463 |
'value' => 'C:\\Dokumente und Einstellungen\\Administrator\\Desktop', |
|---|
| 464 |
'name' => 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders', |
|---|
| 465 |
'time_at' => '2008-03-21 20:56:27.796', |
|---|
| 466 |
& |
|---|
