| 1 |
"2008-04-02 21:44:40.376","process","created","1380","C:\WINDOWS\explorer.exe","2496","C:\WINDOWS\system32\notepad.exe" |
|---|
| 2 |
"2008-04-02 21:44:42.766","file","Write","984","C:\WINDOWS\system32\svchost.exe","C:\Documents and Settings\Administrator\SendTo" |
|---|
| 3 |
"2008-04-02 21:44:42.782","file","Write","984","C:\WINDOWS\system32\svchost.exe","C:\Documents and Settings\Administrator\Local Settings\Application Data" |
|---|
| 4 |
"2008-04-02 21:44:48.985","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Recent","REG_SZ","C:\Documents and Settings\Administrator\Recent" |
|---|
| 5 |
"2008-04-02 21:44:49.32","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{259bda13-8b6f-11d7-9c24-806d6172696f}","BaseClass","REG_SZ","Drive" |
|---|
| 6 |
"2008-04-02 21:44:49.32","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bdee3a6-fbab-11dc-9af4-806d6172696f}","BaseClass","REG_SZ","Drive" |
|---|
| 7 |
"2008-04-02 21:44:49.32","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{259bda11-8b6f-11d7-9c24-806d6172696f}","BaseClass","REG_SZ","Drive" |
|---|
| 8 |
"2008-04-02 21:44:49.32","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86efd67e-0a06-11dc-97a7-806d6172696f}","BaseClass","REG_SZ","Drive" |
|---|
| 9 |
"2008-04-02 21:44:49.329","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Personal","REG_SZ","C:\Documents and Settings\Administrator\My Documents" |
|---|
| 10 |
"2008-04-02 21:44:49.329","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Common Documents","REG_SZ","C:\Documents and Settings\All Users\Documents" |
|---|
| 11 |
"2008-04-02 21:44:49.344","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Desktop","REG_SZ","C:\Documents and Settings\Administrator\Desktop" |
|---|
| 12 |
"2008-04-02 21:44:49.344","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Common Desktop","REG_SZ","C:\Documents and Settings\All Users\Desktop" |
|---|
| 13 |
"2008-04-02 21:44:49.797","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders","Favorites","REG_SZ","C:\Documents and Settings\Administrator\Favorites" |
|---|
| 14 |
"2008-04-02 21:44:54.79","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU","b","REG_BINARY","6e06f07406507006106402e0650780650004303a05c06307906707706906e05c06806f06d06505c04106406d06906e06907307407206107406f07205c07407207506e06b02d07207705c04306107007407507206503205c06306107007407507206502d06306c06906506e07402d07806506e06f02d06d06f06405c06906e07307406106c06c000" |
|---|
| 15 |
"2008-04-02 21:44:54.79","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU","MRUList","REG_SZ","bac" |
|---|
| 16 |
"2008-04-02 21:44:54.94","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt","a","REG_SZ","C:\cygwin\home\Administrator\trunk-rw\Capture2\capture-client-xeno-mod\install\foo.txt" |
|---|
| 17 |
"2008-04-02 21:44:54.94","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt","MRUList","REG_SZ","a" |
|---|
| 18 |
"2008-04-02 21:44:54.94","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*","e","REG_SZ","C:\cygwin\home\Administrator\trunk-rw\Capture2\capture-client-xeno-mod\install\foo.txt" |
|---|
| 19 |
"2008-04-02 21:44:54.94","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*","MRUList","REG_SZ","edcbjihagf" |
|---|
| 20 |
"2008-04-02 21:44:54.79","file","Delete","2496","C:\WINDOWS\system32\notepad.exe","C:\cygwin\home\Administrator\trunk-rw\Capture2\capture-client-xeno-mod\install\foo.txt" |
|---|
| 21 |
"2008-04-02 21:44:54.172","file","Write","2496","C:\WINDOWS\system32\notepad.exe","C:\cygwin\home\Administrator\trunk-rw\Capture2\capture-client-xeno-mod\install\foo.txt" |
|---|
| 22 |
"2008-04-02 21:44:54.282","file","Write","1380","C:\WINDOWS\explorer.exe","C:\Documents and Settings\Administrator\Recent\foo.txt.lnk" |
|---|
| 23 |
"2008-04-02 21:44:54.376","registry","SetValueKey","1380","C:\WINDOWS\explorer.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008040220080403","CachePath","REG_EXPAND_SZ","%USERPROFILE%\Local Settings\History\History.IE5\MSHist012008040220080403" |
|---|
| 24 |
"2008-04-02 21:44:54.376","registry","SetValueKey","1380","C:\WINDOWS\explorer.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008040220080403","CachePrefix","REG_SZ",":2008040220080403: " |
|---|
| 25 |
"2008-04-02 21:44:54.376","registry","SetValueKey","1380","C:\WINDOWS\explorer.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008040220080403","CacheLimit","REG_DWORD","2000" |
|---|
| 26 |
"2008-04-02 21:44:54.376","registry","SetValueKey","1380","C:\WINDOWS\explorer.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008040220080403","CacheOptions","REG_DWORD","b" |
|---|
| 27 |
"2008-04-02 21:44:54.376","registry","SetValueKey","1380","C:\WINDOWS\explorer.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008040220080403","CachePath","REG_EXPAND_SZ","%USERPROFILE%\Local Settings\History\History.IE5\MSHist012008040220080403" |
|---|
| 28 |
"2008-04-02 21:44:54.376","registry","SetValueKey","1380","C:\WINDOWS\explorer.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008040220080403","CacheRepair","REG_DWORD","0" |
|---|
| 29 |
"2008-04-02 21:44:54.516","file","Write","1380","C:\WINDOWS\explorer.exe","C:\cygwin\home\Administrator\src\honeyclient-trunk\thirdparty\capture-mod\logs\deleted_files\C\Documents and Settings\Administrator\Recent\install.lnk" |
|---|
| 30 |
"2008-04-02 21:44:54.516","file","Delete","1380","C:\WINDOWS\explorer.exe","C:\Documents and Settings\Administrator\Recent\install.lnk" |
|---|
| 31 |
"2008-04-02 21:44:54.547","file","Write","1380","C:\WINDOWS\explorer.exe","C:\Documents and Settings\Administrator\Recent\install.lnk" |
|---|
| 32 |
"2008-04-02 21:44:54.579","file","Write","4","System","C:\Documents and Settings\Administrator\Recent\foo.txt.lnk" |
|---|
| 33 |
"2008-04-02 21:44:54.579","file","Write","4","System","C:\cygwin\home\Administrator\src\honeyclient-trunk\thirdparty\capture-mod\logs\deleted_files\C\Documents and Settings\Administrator\Recent\install.lnk" |
|---|
| 34 |
"2008-04-02 21:44:54.579","file","Write","4","System","C:\Documents and Settings\Administrator\Recent\install.lnk" |
|---|
| 35 |
"2008-04-02 21:44:57.94","process","terminated","1380","C:\WINDOWS\explorer.exe","2496","C:\WINDOWS\system32\notepad.exe" |
|---|
| 36 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfEscapement","REG_DWORD","0" |
|---|
| 37 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfOrientation","REG_DWORD","0" |
|---|
| 38 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfWeight","REG_DWORD","190" |
|---|
| 39 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfItalic","REG_DWORD","0" |
|---|
| 40 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfUnderline","REG_DWORD","0" |
|---|
| 41 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfStrikeOut","REG_DWORD","0" |
|---|
| 42 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfCharSet","REG_DWORD","0" |
|---|
| 43 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfOutPrecision","REG_DWORD","3" |
|---|
| 44 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfClipPrecision","REG_DWORD","2" |
|---|
| 45 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfQuality","REG_DWORD","1" |
|---|
| 46 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfPitchAndFamily","REG_DWORD","31" |
|---|
| 47 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iPointSize","REG_DWORD","8c" |
|---|
| 48 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","fWrap","REG_DWORD","0" |
|---|
| 49 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","StatusBar","REG_DWORD","0" |
|---|
| 50 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","fSaveWindowPositions","REG_DWORD","0" |
|---|
| 51 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","lfFaceName","REG_SZ","Lucida Console" |
|---|
| 52 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","szHeader","REG_SZ","&f" |
|---|
| 53 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","szTrailer","REG_SZ","Page &p" |
|---|
| 54 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iMarginTop","REG_DWORD","3e8" |
|---|
| 55 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iMarginBottom","REG_DWORD","3e8" |
|---|
| 56 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iMarginLeft","REG_DWORD","2ee" |
|---|
| 57 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iMarginRight","REG_DWORD","2ee" |
|---|
| 58 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","fMLE_is_broken","REG_DWORD","0" |
|---|
| 59 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iWindowPosX","REG_DWORD","fffffff9" |
|---|
| 60 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iWindowPosY","REG_DWORD","38" |
|---|
| 61 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iWindowPosDX","REG_DWORD","40c" |
|---|
| 62 |
"2008-04-02 21:44:57.63","registry","SetValueKey","2496","C:\WINDOWS\system32\notepad.exe","HKCU\Software\Microsoft\Notepad","iWindowPosDY","REG_DWORD","299" |
|---|
| 63 |
"2008-04-02 21:45:07.829","process","created","1380","C:\WINDOWS\explorer.exe","2648","C:\WINDOWS\regedit.exe" |
|---|
| 64 |
"2008-04-02 21:45:15.985","registry","SetValueKey","2648","C:\WINDOWS\regedit.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","New Value #1","REG_SZ","" |
|---|
| 65 |
"2008-04-02 21:45:17.266","registry","SetValueKey","2648","C:\WINDOWS\regedit.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","foo","REG_SZ","" |
|---|
| 66 |
"2008-04-02 21:45:17.266","registry","DeleteValueKey","2648","C:\WINDOWS\regedit.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","New Value #1","REG_NONE","" |
|---|
| 67 |
"2008-04-02 21:45:19.204","registry","SetValueKey","2648","C:\WINDOWS\regedit.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","foo","REG_SZ","bar" |
|---|
| 68 |
"2008-04-02 21:45:22.344","process","terminated","1380","C:\WINDOWS\explorer.exe","2648","C:\WINDOWS\regedit.exe" |
|---|
| 69 |
"2008-04-02 21:45:22.344","registry","SetValueKey","2648","C:\WINDOWS\regedit.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit","View","REG_BINARY","2c00000001000ffffffffffffffffffffffffffffffff500005c000c43008f200d8000c200078000201001000" |
|---|
| 70 |
"2008-04-02 21:45:22.344","registry","SetValueKey","2648","C:\WINDOWS\regedit.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit","FindFlags","REG_DWORD","e" |
|---|
| 71 |
"2008-04-02 21:45:22.344","registry","SetValueKey","2648","C:\WINDOWS\regedit.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit","LastKey","REG_SZ","My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" |
|---|
