Changeset 1681

Show
Ignore:
Timestamp:
07/10/08 16:07:37 (5 months ago)
Author:
kindlund
Message:

Migrated trunk changes back into exp branch.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • honeyclient/branches/exp/kindlund-selenium/thirdparty/capture-mod/FileMonitor.exl

    r1672 r1681  
    9797+   Write   C:\\Program Files\\Messenger\\msmsgs\.exe   C:\\Documents and Settings\\.+\\NTUSER.DAT.LOG 
    9898+   Delete  C:\\Program Files\\Messenger\\msmsgs\.exe   C:\\Documents and Settings\\.+\\NTUSER.DAT.LOG 
     99+   Write   C:\\Program Files\\Messenger\\msmsgs\.exe   C:\\Documents and Settings\\.+\\NTUSER.DAT 
    99100+   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  E:\\\$LogFile 
    100101+   Write   C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe  E:\\\$Directory 
     
    345346+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+html 
    346347+   Delete  C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+tmp 
     348+   Write   C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+tmp 
    347349 
    348350# System Log Files - IE7 
    349351+   Write   C:\\WINDOWS\\system32\\services\.exe    C:\\WINDOWS\\Debug\\UserMode\\userenv\.log 
     352 
     353# IE6 Crashing 
     354+   Write   C:\\WINDOWS\\system32\\drwtsn32\.exe    C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Dr Watson\\.* 
    350355 
    351356# IE6 - Selenium Support 

  • honeyclient/branches/exp/kindlund-selenium/thirdparty/capture-mod/ProcessMonitor.exl

    r1672 r1681  
    5555+   drwtsn32.exe    .*  C:\\WINDOWS\\system32\\drwtsn32\.exe 
    5656 
     57# IE - MSN Messenger Autostart  
     58+   msmsgs.exe  .*  C:\\Program Files\\Messenger\\msmsgs\.exe 
     59 
    5760# IE6 - Selenium Support 
    5861+   cmd.exe .*  C:\\WINDOWS\\system32\\cmd\.exe 

  • honeyclient/branches/exp/kindlund-selenium/thirdparty/capture-mod/RegistryMonitor.exl

    r1676 r1681  
    290290+   SetValueKey C:\\Program Files\\Windows Media Player\\wmplayer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap 
    291291#### HONEYCLIENT AUTO EXCLUDE SCRIPT 
     292+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Macromedia\\FlashPlayerUpdate 
    292293+   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Macromedia\\FlashPlayer 
    293294+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Macromedia\\FlashPlayer 
     
    408409+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting\\.* 
    409410 
     411# IE - Dr Watson IE 6 Crashing 
     412+   DeleteValueKey  C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting\\.* 
     413+   SetValueKey C:\\WINDOWS\\system32\\drwtsn32\.exe    HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders.* 
     414+   SetValueKey C:\\WINDOWS\\system32\\drwtsn32\.exe    HKLM\\SOFTWARE\\Microsoft\\DrWatson.* 
     415 
     416# Benign Explorer Activity 
     417+   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar.* 
     418+   SetValueKey C:\\WINDOWS\\explorer\.exe  HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.* 
     419 
    410420# IE6 - Selenium Support 
    411421+   SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCR\\CLSID\\.*