Changeset 1214
- Timestamp:
- 02/19/08 13:26:07 (6 months ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
honeyclient/branches/exp/xkovah-simpler_install/Capture2/capture-client-xeno-mod/ExclusionLists/RegistryMonitor.exl
r1069 r1214 298 298 #### Honeyclient manual add (per ticket #128) 299 299 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\\.css\\OpenWithList 300 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\\.css\\OpenWithProgids 300 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\\.css\\OpenWithProgids+ DeleteValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S-1-5-20\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows 301 + DeleteValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows 302 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\System\\Print 303 + DeleteValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows 304 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\System\\TCPMon 305 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers 306 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print 307 + DeleteValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S-1-5-19\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows 308 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print\\Printers 309 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print\\Providers honeyclient/branches/exp/xkovah-simpler_install/Capture2/capture-client-xeno-mod/install/RegistryMonitor.exl
r1069 r1214 298 298 #### Honeyclient manual add (per ticket #128) 299 299 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\\.css\\OpenWithList 300 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\\.css\\OpenWithProgids 300 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\\.css\\OpenWithProgids+ DeleteValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S-1-5-20\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows 301 + DeleteValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows 302 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\System\\Print 303 + DeleteValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\\.DEFAULT\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows 304 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Services\\Eventlog\\System\\TCPMon 305 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers 306 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print 307 + DeleteValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKU\\S-1-5-19\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows 308 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print\\Printers 309 + SetValueKey C:\\WINDOWS\\system32\\spoolsv\.exe HKLM\\SYSTEM\\ControlSet001\\Control\\Print\\Providers
