Changeset 1396

Timestamp:
03/27/08 22:58:20 (5 months ago)
Author:
kindlund
Message:

More IE7 false positives.

Files:

  • honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl

    r1393 r1396  
    263263+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\repair 
    264264+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\SoftwareDistribution 
     265+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Cookies 
     266+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5\\MSHist012008032720080328\\index\.dat 
     267+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\cygwin\\lib\\perl5\\site_perl\\5\.8\\cygwin\\HTML 
     268+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop 
     269+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop\\%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\Feeds Cache 
     270+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content\.IE5\\.* 
     271+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator 
     272+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop\\%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\Feeds Cache\\index\.dat 
     273+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\MSIMGSIZ\.DAT 
     274+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings 
     275+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\AntiPhishing\\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\.dat 
     276+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Program Files\\Internet Explorer 
     277+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5 
     278+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5\\index\.dat 
     279+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\cygwin\\lib\\perl5\\site_perl\\5\.8\\auto\\Data\\Validate\\URI 
     280+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content\.IE5 
     281+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\cygwin\\lib\\perl5\\site_perl\\5\.8\\DateTime\\TimeZone 
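
Review bot: The History entry at new line 266 hard-codes the dated folder `MSHist012008032720080328`, so it only matches the history bucket for 2008-03-27 to 2008-03-28 and the same svchost.exe write will be reported again on any other day. Replace the sixteen date digits with a digit pattern (for example `MSHist01\d{16}`, if the exclusion matcher accepts `\d`). The entries at 269 and 272 contain a literal `%USERPROFILE%` directory under Desktop, which looks like an unexpanded environment variable on the capture host; that is better fixed at its source, or at least commented, than silently excluded. The `Content\.IE5\\.*` wildcard at 270 suppresses every file svchost.exe writes anywhere under the IE cache, which is broad for a process as generic as svchost.exe, so confirm that coverage loss is intended. The Cygwin perl5 paths at 267, 279 and 281 do not obviously relate to the "IE7 false positives" in the commit message and deserve a line saying why they are here.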
  • honeyclient/trunk/thirdparty/capture-mod/RegistryMonitor.exl

    r1394 r1396  
    351351+   SetValueKey C:\\WINDOWS\\system32\\userinit\.exe    HKCU\\Printers 
    352352+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\PhishingFilter 
     353 
     354#### HONEYCLIENT AUTO EXCLUDE SCRIPT 
     355+   SetValueKey C:\\Program Files\\Windows Media Player\\wmpnscfg\.exe  HKLM\\SOFTWARE\\Microsoft\\Windows Media Player NSS\\.*
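
Review bot: The entry added at new line 355 excludes every SetValueKey by wmpnscfg.exe under `HKLM\\SOFTWARE\\Microsoft\\Windows Media Player NSS\\.*`, which is a Windows Media Player process rather than IE7 as the commit message states, and the `#### HONEYCLIENT AUTO EXCLUDE SCRIPT` marker above it does not say what produced the entry or from which run. Expand that comment to record how entries below the marker are generated and reviewed, and narrow the trailing `\\.*` to the subkeys actually observed if they are known, since a wildcard on an HKLM subtree hides any later change made there by that process.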