Changeset 1487

Timestamp:

04/08/08 15:12:53 (5 months ago)

Author:

kindlund

Message:

Tweaks.

Files:

• honeyclient/branches/exp/kindlund-simpler_agent/thirdparty/capture-mod/FileMonitor.exl (modified) (2 diffs)

honeyclient/branches/exp/kindlund-simpler_agent/thirdparty/capture-mod/FileMonitor.exl

@@ -51 +51 @@
-+   Write   C:\\WINDOWS\\system32\\services\.exe    C:\\WINDOWS\\system32\\config\\SecEvent\.Evt
-#Mapping
-\\.+
+.*
-#Cataloging
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\WINDOWS\\system32\\CatRoot2\\.+
@@ -273 +273 @@
-+   Write   C:\\WINDOWS\\system32\\WgaTray\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History.IE5.*
-+   Delete  C:\\WINDOWS\\system32\\WgaTray\.exe C:\\Documents and Settings\\.+\\Local Settings\\History\\History.IE5.*
-\\
+
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop
-+   Write   C:\\WINDOWS\\system32\\svchost\.exe C:\\Documents and Settings\\Administrator\\Desktop\\%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\Feeds Cache