Changeset 1397

Timestamp:

03/27/08 23:04:05 (5 months ago)

Author:

kindlund

Message:

More false positives for IE7.

Files:

• honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl (modified) (2 diffs)

honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl

@@ -265 +265 @@
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Cookies
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5\\MSHist012008032720080328\\index\.dat
-site_perl\\5\.8\\cygwin\\HTML
+.*
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop\\%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\Feeds Cache
@@ -277 +277 @@
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5\\index\.dat
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\cygwin\\lib\\perl5\\site_perl\\5\.8\\auto\\Data\\Validate\\URI
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content\.IE5
-
+
+
+
+
+
+