manorit2001 / c3i-malware-analysis

Real time system changes monitoring solution ( Project done at c3i IITK )

merge tcp table to monitoring engine #20

Closed manorit2001 closed 3 years ago

manorit2001 commented 3 years ago

fix #12

manorit2001 commented 3 years ago

@rohanreddych test it once if it works fine

rohanreddych commented 3 years ago
```text
monitoring.exe
Registry snapshot before running malware
[*] Started Writing HKEY_CURRENT_USER subkeys to the given file
[*] Completed writing HKEY_CURRENT_USER subkeys to the given file
[*] Started Writing HKEY_CLASSES_ROOT subkeys to the given file
[*] Completed writing HKEY_CLASSES_ROOT subkeys to the given file
[*] Started Writing HKEY_LOCAL_MACHINE subkeys to the given file
[*] Completed writing HKEY_LOCAL_MACHINE subkeys to the given file
[*] Started Writing HKEY_USERS subkeys to the given file
[*] Completed writing HKEY_USERS subkeys to the given file
[*] Started Writing HKEY_CURRENT_CONFIG subkeys to the given file
[*] Completed writing HKEY_CURRENT_CONFIG subkeys to the given file
Network TCP Table snapshot before running malware
Trace configuration:
Status:             Running
Trace File:         C:\Users\c3i-malware-analysis\monitoring\x64\Release\log.etl
Append:             Off
Circular:           On
Max Size:           512 MB
Report:             Off
Network capture started
ETL started
Procmon started
Analysis started
Analysis stopped
Call complete. hResult = 0x80041032
Procmon stop
ControlTrace(stop) failed with 234
ETL stopped
Merging traces ... done
Generating data collection ... done
The trace file and additional troubleshooting information have been compiled as "C:\Users\rohan\Videos\c3i-malware-analysis\monitoring\x64\Release\log.cab".
File location = C:\Users\rohan\Videos\c3i-malware-analysis\monitoring\x64\Release\log.etl
Tracing session was successfully stopped.
Network capture stopped
Network TCP Table snapshot after running malware
Registry snapshot after running malware
[*] Started Writing HKEY_CURRENT_USER subkeys to the given file
[*] Completed writing HKEY_CURRENT_USER subkeys to the given file
[*] Started Writing HKEY_CLASSES_ROOT subkeys to the given file
[*] Completed writing HKEY_CLASSES_ROOT subkeys to the given file
[*] Started Writing HKEY_LOCAL_MACHINE subkeys to the given file
```

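The run pasted above takes a "Network TCP Table snapshot" before and after detonation, but the paste does not show how the two snapshots are compared, and that comparison is where the signal is. The Python below is an added example, not code from the c3i-malware-analysis project: it parses two snapshots in an assumed netstat -ano style line format (`TCP <local ip>:<port> <remote ip>:<port> <STATE> <pid>`), diffs them, and splits the result into the two buckets an analyst looks at first, new listening sockets and new active outbound connections, grouped by owning PID so they can be joined with the procmon/ETW data the same run collects. The sample snapshots, PIDs and addresses (RFC 5737 documentation ranges) are constructed for the example.

```python
"""Diff two TCP-table snapshots taken before and after detonating a sample.

Added example, not code from the c3i-malware-analysis project. The snapshot
format is an assumption: one entry per line, netstat -ano style,
    TCP <local ip>:<port> <remote ip>:<port> <STATE> <pid>
The BEFORE/AFTER snapshots at the bottom are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# States in which the local process actively opened or currently holds a connection.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT", "SYN_RECEIVED"}


@dataclass(frozen=True)
class TcpEntry:
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str
    pid: int

    def endpoint(self) -> str:
        return f"{self.remote_addr}:{self.remote_port}"


def parse_snapshot(text: str) -> Set[TcpEntry]:
    """Parse one snapshot; blank lines, comments and the header row are skipped."""
    entries: Set[TcpEntry] = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Proto"):
            continue
        parts = line.split()
        if len(parts) != 5 or parts[0].upper() != "TCP":
            continue  # UDP rows or malformed lines are ignored rather than aborting the diff
        _, local, remote, state, pid = parts
        laddr, lport = local.rsplit(":", 1)   # rsplit keeps IPv6 literals like [::1] intact
        raddr, rport = remote.rsplit(":", 1)
        entries.add(TcpEntry(laddr, int(lport), raddr, int(rport), state.upper(), int(pid)))
    return entries


def diff_snapshots(before: Set[TcpEntry], after: Set[TcpEntry]) -> Dict[str, List[TcpEntry]]:
    """Set-difference the snapshots and bucket the interesting additions.

    TIME_WAIT / CLOSE_WAIT leftovers only appear under 'added': a connection the
    sample opened and closed before the second snapshot must not be reported as
    a live outbound connection (and its PID is usually 0 by then anyway).
    """
    added = after - before
    removed = before - after
    new_listeners = [e for e in added if e.state == "LISTENING"]
    new_outbound = [e for e in added
                    if e.state in ACTIVE_STATES and not e.remote_addr.startswith("127.")]

    def key(e: TcpEntry):
        return (e.pid, e.local_port, e.remote_addr, e.remote_port)

    return {
        "added": sorted(added, key=key),
        "removed": sorted(removed, key=key),
        "new_listeners": sorted(new_listeners, key=key),
        "new_outbound": sorted(new_outbound, key=key),
    }


def by_pid(entries: List[TcpEntry]) -> Dict[int, List[str]]:
    """Group findings by owning PID so they can be joined with procmon/ETW records."""
    out: Dict[int, List[str]] = {}
    for e in entries:
        desc = (f"listen {e.local_addr}:{e.local_port}" if e.state == "LISTENING"
                else f"{e.state.lower()} -> {e.endpoint()}")
        out.setdefault(e.pid, []).append(desc)
    return out


# Constructed sample snapshots (addresses from the RFC 5737 documentation ranges).
BEFORE = """
Proto  Local Address          Foreign Address        State           PID
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
TCP    192.0.2.15:49710       203.0.113.10:443       ESTABLISHED     3320
"""
AFTER = """
Proto  Local Address          Foreign Address        State           PID
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       5120
TCP    192.0.2.15:49722       198.51.100.7:8080      ESTABLISHED     5120
TCP    192.0.2.15:49710       203.0.113.10:443       TIME_WAIT       0
"""

if __name__ == "__main__":
    report = diff_snapshots(parse_snapshot(BEFORE), parse_snapshot(AFTER))
    for pid, items in sorted(by_pid(report["new_listeners"] + report["new_outbound"]).items()):
        print(pid, items)
```

A raw set difference of two TCP tables is noisy: ephemeral local ports and TIME_WAIT entries churn on an idle VM, which is why the buckets filter on state and the report is keyed by PID rather than by socket. Before trusting the ETL from the run above, it is also worth finding out why `ControlTrace(stop)` returned 234 (ERROR_MORE_DATA) and what produced `hResult = 0x80041032` (WBEM_E_CALL_CANCELLED); a trace that did not stop cleanly may be missing the tail of the capture that the "after" snapshot is meant to explain.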