Changeset 1346

Timestamp:
03/07/08 16:36:28 (6 months ago)
Author:
kindlund
Message:

Found more false-positive activity, re: ticket #144

Files:

  • honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl

    r1345 r1346  
    197197#### Honeyclient manual add - iexplore.exe - ticket #144 (windows update services) 
    198198+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\WindowsUpdate.log 
     199+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\wuweb\.dll 
     200+   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\system32\\wuweb\.dll 
    199201+   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp 
    200202+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\ICD1\.tmp\\wuweb\.dll 
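Review bot: the two added rules (new lines 199 and 200) suppress Write and Delete events by iexplore.exe on C:\WINDOWS\system32\wuweb.dll, a DLL under System32, which is precisely the kind of event a honeyclient exists to surface, so the justification should be recorded where the rule lives. The comment on line 197 only says "windows update services"; extend it with a short note that the Windows Update web control is observed to write, delete and re-stage wuweb.dll via the ICD1.tmp entries on lines 201-202, and keep the path regex exact (file name with the escaped dot, as written) rather than ever relaxing it to a directory prefix, since that would hide any other System32 DLL drop by the browser.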
     
    215217+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WuRedir\\9482F4B4-E343-43B6-B170-9A65BC822C77\\wuredir\.cab 
    216218+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wuident\.txt 
     219+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wuident\.cab 
    217220+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.cab 
    218221+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\SoftwareDistribution\\WebSetup\\wsus3setup\.inf 
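Review bot: the added wuident\.cab rule (new line 219) mirrors the existing wuident\.txt entry on line 218 and only excludes Write, whereas the wuweb.dll group in the hunk above needed both Write and Delete. Check the captured log for a matching Delete of the WebSetup .cab files after extraction; if one occurs, add the corresponding `Delete` line now rather than leaving it to surface as the next false positive against ticket #144.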
  • honeyclient/trunk/thirdparty/capture-mod/RegistryMonitor.exl

    r1332 r1346  
    319319+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ModuleUsage\\C:\/WINDOWS\/System32\/wuweb\.dll 
    320320+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs 
     321+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\} 
    321322+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\DownloadInformation 
    322323+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units\\\{6414512B-B978-451D-A0D8-FCFDF33E833C\}\\InstalledVersion
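Review bot: the added rule on new line 321 excludes SetValueKey on the Distribution Units\{6414512B-...} key itself, while lines 322 and 323 already cover its DownloadInformation and InstalledVersion subkeys. Whether all three lines are needed depends on how the exclusion matcher applies the path regex: if it performs a full-string match, the parent-key rule is required for the event seen in the log and the three lines are complementary; if it performs a prefix or search match, the new parent-key rule already subsumes lines 322-323 and it would be worth noting that in the file so nobody later assumes the subkey rules are what silences the event.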