Changeset 1400

Show
Ignore:
Timestamp:
03/28/08 15:31:35 (4 months ago)
Author:
kindlund
Message:

Updated per false positive (0cec38a5dfbca2defdae7f38c9).

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • honeyclient/trunk/thirdparty/capture-mod/FileMonitor.exl

    r1399 r1400  
    265265+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Cookies 
    266266+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Cookies\\index.dat 
    267 +   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5\\MSHist012008032720080328\\index\.dat 
     267+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History.IE5\\.+ 
     268+   Delete  C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History.IE5\\.+ 
     269+   Write   C:\\WINDOWS\\system32\\WgaTray\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History.IE5\\.+ 
     270+   Delete  C:\\WINDOWS\\system32\\WgaTray\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History.IE5\\.+ 
    268271+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\cygwin\\.* 
    269272+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop 
     
    274277+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Microsoft\\Internet Explorer\\MSIMGSIZ\.DAT 
    275278+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings 
    276 +   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\AntiPhishing\\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F\.dat 
     279+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\AntiPhishing\\.+ 
    277280+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Program Files\\Internet Explorer 
    278 +   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5 
    279 +   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\History\\History\.IE5\\index\.dat 
    280281+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Local Settings\\Temporary Internet Files\\Content\.IE5 
    281282+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\Macromed\\Flash