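- Strings extracted from 295b089792d00870db938f2107772e0b58b23e5e8c6c4465c23affe87e2e67ac_mssecmgr.ocx after running it for a while (so presumably recovered at runtime rather than from the file at rest). The list mixes configuration key names, file names, directory and registry paths, `Global\` object names and WMI queries, with many repeats; very short entries such as `=JR` or `KR,` look like extraction residue rather than meaningful names and should be filtered out before the list is used for detection or triage.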
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- services.exe
- winlogon.exe
- lsass.exe
- winlogon.exe
- HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option
- OptionValue
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- SECURITY
- CRASH_COUNT
- MAX_SCAN_DEPTH
- KR|^
- MIN_FILE_SIZE
- MAX_FILE_SIZE
- KR,_
- MAX_FILE_AGE_IN_DAYS
- FILE_TIME_TYPE
- KRD
- SCAN_BURST_INTERVAL
- KR\`
- SCAN_DELAY_INTERVAL
- =JR
- =JR
- SCAN_DELAY_INTERVAL_USB
- =JR
- =JR4a
- <JR
- USE_HISTORY_USB
- .<JR
- ?JR
- ?JR%
- SHOULD_TREAT_ZIP_FILES_AS_DIRECTORIES
- >JR
- >JR
- REGULAR_CHECK_TYPES
- STARTER_CRASH_COUNT
- SYSTEM_STATUS
- SECURITY_CHECK_INTERVAL
- IS_FIRST_RUN_AFTER_INSTALL
- LAST_MONITOR_CHECK_TIME
- MIN_MONITOR_CHECK_INTERVAL
- LAST_PERFORMANCE_MONITOR_ACTIVITY
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- SECURITY
- PERFORMANCE_MONITORS
- COUNTER_STRING
- CHECK_INTERVAL
- DESIRED_ACTION_ON_OVERLOAD
- OVERLOAD_VALUE
- IS_AVERAGING
- QUERIES_TO_AVERAGE
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- MAX_SIZE
- LOG
- MAX_ERRORS
- LAST_LEAK_ID
- Dynamic01ACFD8
- LogSnapshotStorage
- Dynamic01B2D39G
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- %windir%\Ef_trace.log
- __fajb3_i_h_s_p__
- Global\LBR_WINVER_EVENT
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- NetworkType
- NetworkTypeIdentifier
- DetectionExpiryDate
- InternetMediaTime
- InternetMediaInterval
- DetectInterval
- TypeChangedBuffers
- TypeChanged
- MatchList
- NonPotentialExpiry
- PotentialExpiry
- UrlExpireTime
- BOOST
- BOOSTER
- EXTENSIONS
- EXT
- GRADE
- FILESIZES
- FILESIZE
- TIMEDIFFS
- TIMEDIFF
- NON_ENGLISH_GRADE
- FILE_AGE_FACTOR
- FILE_AGE_MAX
- MAX_STORAGE_PERCENT_USAGE
- MAX_RUN_TIME
- BOOST_CONSUMER_PRIORITY_BOOST
- MAX_HOME_CMD_ID_TO_SAVE
- KR$
- KRl
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- KRl
- INFECTION_METHOD
- INFECTION_TIME
- KR,
- KR,
- CMD_HOME_IDS
- =JR
- TELEMETRY
- =JR
- =JR
- CNT
- <JR
- <JR
- <JR
- LAST_FLAME_TIME
- ?JR
- ?JR|
- ?JR
- LAST_DATE
- >JR
- >JR
- MAX_HOME_CMD_ID_TO_SAVE
- 9JR
- 9JR<
- 9JR
- JR68JR
- 8JR
- 8JR
- EVENTS
- 8JR
- 9JR
- 9JR
- OP_ID
- ;JR
- ;JR
- INFECTING_FLAME_ID
- :JR
- :JR
- :JR
- INFECTION_METHOD
- 5JR
- 5JR
- INFECTION_TIME
- 4JR
- 4JRD
- 4JR
- CMD_HOME_IDS
- 7JR
- 7JR
- TELEMETRY
- 7JR
- 6JR
- CNT
- 6JR
- 6JR4
- 6JR
- LAST_FLAME_TIME
- 1JR
- 1JR
- 1JR
- LAST_DATE
- 0JR
- 0JR
- MIN_STORAGE_PRIORITY
- MAX_STORAGE_PRIORITY
- FILE_SCANNER
- REJECTED_DIRECTORIES
- DIR
- MAX_VALUABLE_FILES
- NETWAIT
- MS-BROWSE
- SAGEWINDOWCLASS2
- SYSTEM AGENT COM WINDOW
- COMAGENTWORKER
- MANAGER
- FLAME_ID
- Global\Advapikdct8491
- Global\msstx32b98mtxntsl1142mtnt
- HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
- Console
- Software\Microsoft\Internet Explorer\LowRegistry
- StandardSize
- Global\Netapi4evt32
- HEADACHE
- BLOCKED_TRIGGER
- HNT
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- SAGEWINDOWCLASS2
- SYSTEM AGENT COM WINDOW
- COMAGENTWORKER
- VOLUME_SUPPLIER
- VOLUME_SUPPLIER
- SUPPLIER_INTERVAL
- SUPPLIER_SHOULD_RUN
- root\cimv2
- TargetInstance
- DeviceID
- Description
- __CLASS
- SELECT * FROM __InstanceOperationEvent WITHIN %d WHERE TargetInstance ISA 'Win32_LogicalDisk'
- __InstanceCreationEvent
- __InstanceDeletionEvent
- select * from Win32_LogicalDisk
- LISTENER_CODE
- VIRTUAL_VOLUME_SUPPLIER
- NUM_MS_OF_DELAY
- PROGRAMS
- \\.\pipe\navssvcs
- explorer.exe
- Listener
- ntavsys4sevt32
- ntavsys5revt32
- VIRTUAL_VOLUME_SUPPLIER
- \\.\
- IDENTIFICATION_DATA
- PROCESS_NAME
- SHOULD_SEARCH_BY_DEVICE_NAME
- SHOULD_REGISTER_FOR_PNP
- SHOULD_RUN_IF_REGISTER_FAILS
- ALLOWED_DRIVE_TYPES
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- SAGEWINDOWCLASS2
- SYSTEM AGENT COM WINDOW
- COMAGENTWORKER
- LeakFileConsumer
- LEAK_FILE_CONSUMER
- SHOULD_RUN
- TTL
- FILES_LIST
- FILE_NAME_TO_LEAK
- DEVICE_NAME
- PRIORITY
- START_FLAME_TIME
- HOME_ID
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- SAGEWINDOWCLASS2
- SYSTEM AGENT COM WINDOW
- COMAGENTWORKER
- INSTALL
- UPGRADE_TYPE
- SHOULD_CLEAN_INSTALL
- DISTRIBUTION_NUMBER
- Global\msstx32kgvjd5982kvfj42jf3
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- CMD_HOME_IDS
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTING_FLAME_ID
- INFECTION_METHOD
- INFECTION_TIME
- Dynamic01A9C21F
- audcache
- MAX_HOME_CMD_ID_TO_SAVE
- CNT
- DefaultEnvironment
- wavesup3.drv
- mssecmgr.ocx
- msapack.ocx
- wavesup3.dr0
- mssecmgr.dl0
- %CommonProgramFiles%\Microsoft Shared\MSAudio\
- %CommonProgramFiles%\Microsoft Shared\MSSecurityMgr\
- %CommonProgramFiles%\Microsoft Shared\MSAPackages\
- C:\WINDOWS\system32\
- C:\WINDOWS\system32\
- wpgfilter.dat
- mscrypt.dat
- wpgfilter.da0
- mscrypt.da0
- ssitable
- audcach0
- ssitabl0
- audfilter.dat
- rccache.dat
- audfilter.da1
- rccache.da1
- audfilter.da0
- rccache.da0
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit
- TELEMETRY
- CMD_HOME_IDS
- Env,
- gs_8
- CMD_HOME_IDS
- Env,
- gs_<
- INFECTING_FLAME_ID
- Envl
- gs_>
- INFECTING_FLAME_ID
- LAST_DATE
- TCPConnectionEstablishedTrigger
- HEURISTIC_SELECTION_LINE_TYPE_XP
- BOOST_CONSUMER_PRIORITY_BOOST
- CMD_HOME_IDS
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit
- Env
- gs_
- C:\Program Files\Common Files\Microsoft Shared\MSAudio\
- Env
- gs_
- C:\Program Files\Common Files\Microsoft Shared\MSAudio\
- HKIU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- Env
- gs_
- C:\Program Files\Common Files\Microsoft Shared\MSSecurityMgr\
- LAST_FLAME_TIME
- C:\Program Files\Common Files\Microsoft Shared\MSAPackages\
- EVENTS
- OP_ID
- INFECTION_METHOD
- INFECTION_TIME
- ATTACKS_LEFT
- KRT
- SHOULD_ATTACK_SCRIPT
- RAISE_HTTP_REQUEST_TRIGGERS
- KR4
- LUA_SCRIPT_TIMEOUT
- HTTP_LISTEN_PORT
- text/html
- KRL
- application/raw
- =JR
- =JR
- ClientIP
- =JR
- <JR
- UserAgent
- <JRL
- <JR
- Time
- ?JR
- ?JR
- /wpad.dat
- >JR
- >JR
- /view.php
- >JR4
- 9JR
- MUNCH
- 8JR|
- 8JR
- ADDRESS
- 8JR
- 8JR
- 9JR
- SHOULD_RUN
- JRn;JR
- ;JR$
- ;JR
- SLEEP_TIME
- ;JR
- :JR|
- :JR
- CHECK_WPAD
- JR::JR
- :JR
- 5JR
- ATTACKS_LEFT
- 5JR,
- 4JR
- SHOULD_ATTACK_SCRIPT
- 4JR
- 7JR
- RAISE_HTTP_REQUEST_TRIGGERS
- 77JR
- 6JR
- 6JR
- LUA_SCRIPT_TIMEOUT
- JR%6JR
- 1JRt
- 1JR
- HTTP_LISTEN_PORT
- 0JR
- 0JR
- text/html
- 0JR$
- 0JR
- application/raw
- 3JR
- 3JR
- 3JR
- ClientIP
- 2JR
- 2JR
- UserAgent
- -JR$
- -JR
- Time
- -JRl
- ,JR
- CMD_HOME_IDS
- ,JR
- /JR
- TELEMETRY
- /JR
- /JR
- CNT
- .JR
- .JR\
- .JR
- LAST_FLAME_TIME
- )JR
- )JR
- )JR
- LAST_DATE
- (JR
- (JR
- MAX_HOME_CMD_ID_TO_SAVE
- (JR
- +JR|
- +JR
- JRd+JR
- +JR
- *JR
- EVENTS
- *JR
- *JR
- *JR
- OP_ID
- %JR\
- %JR
- INFECTING_FLAME_ID
- $JR
- $JR
- $JR
- INFECTION_METHOD
- 'JR$
- 'JR
- INFECTION_TIME
- &JR
- &JR
- &JR
- mp=1
- &JR
- !JR
- ac=1
- !JR
- !JR
- BRIDGE_STG_PRIORITY
- JR
- JR|
- JR
- MUNCH
- #JR
- #JR
- ADDRESS
- #JR
- "JR
- "JR
- SHOULD_RUN
- JR2"JR
- JRl
- SLEEP_TIME
- JR^
- JR<
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE
- MAX_HOME_CMD_ID_TO_SAVE
- EVENTS
- OP_ID
- INFECTION_METHOD
- INFECTION_TIME
- TELEMETRY
- CNT
- LAST_FLAME_TIME
- LAST_DATE