Add files via upload

eladyesh · Jun 16, 2023 · d755e3e · d755e3e
1 parent f6f6402
commit d755e3e
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 0 deletions.
diff --git a/mspaint_logs/LOG_MEMORY.txt b/mspaint_logs/LOG_MEMORY.txt
@@ -0,0 +1,11 @@
+
+----------intercepted call to WriteProcessMemory----------
+
+
+A pointer to the base address in the specified process to which data is written is 00290000
+A pointer to the buffer that contains data to be written in the address space of the specified process is E:\Cyber\YB_CYBER\project\FinalProject\ExeFiles\ExeFiles\evil.dll
+The number of bytes to be written to the specified process is 67
+
+----------Done intercepting call to WriteProcessMemory----------
+
+
diff --git a/mspaint_logs/output_handles.txt b/mspaint_logs/output_handles.txt
@@ -0,0 +1,83 @@
+
+Nthandle v5.0 - Handle viewer
+Copyright (C) 1997-2022 Mark Russinovich
+Sysinternals - www.sysinternals.com
+
+    4: File  (---)   \Device\ConDrv\Reference
+    8: File  (---)   \Device\ConDrv\Input
+    C: File  (---)   \Device\ConDrv\Output
+   10: File  (---)   \Device\ConDrv\Output
+   14: Event         
+   18: Event         
+   1C: WaitCompletionPacket 
+   20: IoCompletion  
+   24: TpWorkerFactory 
+   28: IRTimer       
+   2C: WaitCompletionPacket 
+   30: IRTimer       
+   34: WaitCompletionPacket 
+   38: EtwRegistration 
+   3C: EtwRegistration 
+   40: EtwRegistration 
+   44: Directory     \KnownDlls
+   48: Event         
+   4C: Event         
+   50: File  (RW-)   C:\Windows
+   54: Event         
+   58: Directory     \KnownDlls32
+   5C: Event         
+   60: WaitCompletionPacket 
+   64: IoCompletion  
+   68: TpWorkerFactory 
+   6C: IRTimer       
+   70: WaitCompletionPacket 
+   74: IRTimer       
+   78: WaitCompletionPacket 
+   7C: EtwRegistration 
+   80: EtwRegistration 
+   84: EtwRegistration 
+   88: Directory     \KnownDlls32
+   8C: Event         
+   90: Event         
+   94: File  (RW-)   \Device\Mup\;Z:000000000003750e\vmware-host\Shared Folders\E\Cyber\YB_CYBER\project\FinalProject\poc_start\poc_start
+   98: Key           HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
+   9C: Key           HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
+   A0: ALPC Port     
+   A4: File  (---)   \Device\ConDrv\Connect
+   A8: EtwRegistration 
+   AC: Mutant        \Sessions\1\BaseNamedObjects\SM0:6164:168:WilStaging_02
+   B0: Directory     \Sessions\1\BaseNamedObjects
+   B4: Semaphore     \Sessions\1\BaseNamedObjects\SM0:6164:168:WilStaging_02_p0
+   B8: EtwRegistration 
+   BC: EtwRegistration 
+   C0: EtwRegistration 
+   C4: IoCompletion  
+   C8: TpWorkerFactory 
+   CC: IRTimer       
+   D0: WaitCompletionPacket 
+   D4: IRTimer       
+   D8: WaitCompletionPacket 
+   DC: Key           HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
+   E0: Key           HKLM
+   E4: Key           HKLM\SYSTEM\ControlSet001\Control\Session Manager
+   E8: EtwRegistration 
+   EC: EtwRegistration 
+   F0: EtwRegistration 
+   F4: EtwRegistration 
+   F8: EtwRegistration 
+   FC: EtwRegistration 
+  100: EtwRegistration 
+  104: EtwRegistration 
+  108: Key           HKCU
+  10C: Key           HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+  110: Thread        virus.exe(6164): 6312
+  114: Event         
+  118: Key           HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
+  11C: Event         
+  120: Key           HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
+  124: EtwRegistration 
+  128: Event         
+  12C: File  (---)   \Device\Afd
+  130: File  (---)   \Device\Afd
+  134: File  (---)   \Device\Afd
+  138: File  (---)   \Device\Afd