
Untitled

a guest
May 29th, 2012
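  1. Strings extracted from 295b089792d00870db938f2107772e0b58b23e5e8c6c4465c23affe87e2e67ac_mssecmgr.ocx after running it for a while (the 64-hex-character filename prefix is consistent with a SHA-256 digest of the sample). Short fragments in the list below, such as =JR or KR, look like binary residue picked up between the real strings rather than identifiers.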
  2.  
  3. CMD_HOME_IDS
  4. TELEMETRY
  5. CNT
  6. LAST_FLAME_TIME
  7. LAST_DATE
  8. MAX_HOME_CMD_ID_TO_SAVE
  9. EVENTS
  10. OP_ID
  11. INFECTING_FLAME_ID
  12. INFECTION_METHOD
  13. INFECTION_TIME
  14. services.exe
  15. winlogon.exe
  16. lsass.exe
  17. winlogon.exe
  18. HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option
  19. OptionValue
  20. CMD_HOME_IDS
  21. TELEMETRY
  22. CNT
  23. LAST_FLAME_TIME
  24. LAST_DATE
  25. MAX_HOME_CMD_ID_TO_SAVE
  26. EVENTS
  27. OP_ID
  28. INFECTING_FLAME_ID
  29. INFECTION_METHOD
  30. INFECTION_TIME
  31. SECURITY
  32. CRASH_COUNT
  33. MAX_SCAN_DEPTH
  34. KR|^
  35. MIN_FILE_SIZE
  36. MAX_FILE_SIZE
  37. KR,_
  38. MAX_FILE_AGE_IN_DAYS
  39. FILE_TIME_TYPE
  40. KRD
  41. SCAN_BURST_INTERVAL
  42. KR\`
  43. SCAN_DELAY_INTERVAL
  44. =JR
  45. =JR
  46. SCAN_DELAY_INTERVAL_USB
  47. =JR
  48. =JR4a
  49. <JR
  50. USE_HISTORY_USB
  51. .<JR
  52. ?JR
  53. ?JR%
  54. SHOULD_TREAT_ZIP_FILES_AS_DIRECTORIES
  55. >JR
  56. >JR
  57. REGULAR_CHECK_TYPES
  58. STARTER_CRASH_COUNT
  59. SYSTEM_STATUS
  60. SECURITY_CHECK_INTERVAL
  61. IS_FIRST_RUN_AFTER_INSTALL
  62. LAST_MONITOR_CHECK_TIME
  63. MIN_MONITOR_CHECK_INTERVAL
  64. LAST_PERFORMANCE_MONITOR_ACTIVITY
  65. CMD_HOME_IDS
  66. TELEMETRY
  67. CNT
  68. LAST_FLAME_TIME
  69. LAST_DATE
  70. MAX_HOME_CMD_ID_TO_SAVE
  71. EVENTS
  72. OP_ID
  73. INFECTING_FLAME_ID
  74. INFECTION_METHOD
  75. INFECTION_TIME
  76. SECURITY
  77. PERFORMANCE_MONITORS
  78. COUNTER_STRING
  79. CHECK_INTERVAL
  80. DESIRED_ACTION_ON_OVERLOAD
  81. OVERLOAD_VALUE
  82. IS_AVERAGING
  83. QUERIES_TO_AVERAGE
  84. CMD_HOME_IDS
  85. TELEMETRY
  86. CNT
  87. LAST_FLAME_TIME
  88. LAST_DATE
  89. MAX_HOME_CMD_ID_TO_SAVE
  90. EVENTS
  91. OP_ID
  92. INFECTING_FLAME_ID
  93. INFECTION_METHOD
  94. INFECTION_TIME
  95. CMD_HOME_IDS
  96. TELEMETRY
  97. CNT
  98. LAST_FLAME_TIME
  99. LAST_DATE
  100. MAX_HOME_CMD_ID_TO_SAVE
  101. EVENTS
  102. OP_ID
  103. INFECTING_FLAME_ID
  104. INFECTION_METHOD
  105. INFECTION_TIME
  106. MAX_SIZE
  107. LOG
  108. MAX_ERRORS
  109. LAST_LEAK_ID
  110. Dynamic01ACFD8
  111. LogSnapshotStorage
  112. Dynamic01B2D39G
  113. CMD_HOME_IDS
  114. TELEMETRY
  115. CNT
  116. LAST_FLAME_TIME
  117. LAST_DATE
  118. MAX_HOME_CMD_ID_TO_SAVE
  119. EVENTS
  120. OP_ID
  121. INFECTING_FLAME_ID
  122. INFECTION_METHOD
  123. INFECTION_TIME
  124. %windir%\Ef_trace.log
  125. __fajb3_i_h_s_p__
  126. Global\LBR_WINVER_EVENT
  127. CMD_HOME_IDS
  128. TELEMETRY
  129. CNT
  130. LAST_FLAME_TIME
  131. LAST_DATE
  132. MAX_HOME_CMD_ID_TO_SAVE
  133. EVENTS
  134. OP_ID
  135. INFECTING_FLAME_ID
  136. INFECTION_METHOD
  137. INFECTION_TIME
  138. NetworkType
  139. NetworkTypeIdentifier
  140. DetectionExpiryDate
  141. InternetMediaTime
  142. InternetMediaInterval
  143. DetectInterval
  144. TypeChangedBuffers
  145. TypeChanged
  146. MatchList
  147. NonPotentialExpiry
  148. PotentialExpiry
  149. UrlExpireTime
  150. BOOST
  151. BOOSTER
  152. EXTENSIONS
  153. EXT
  154. GRADE
  155. FILESIZES
  156. FILESIZE
  157. TIMEDIFFS
  158. TIMEDIFF
  159. NON_ENGLISH_GRADE
  160. FILE_AGE_FACTOR
  161. FILE_AGE_MAX
  162. MAX_STORAGE_PERCENT_USAGE
  163. MAX_RUN_TIME
  164. BOOST_CONSUMER_PRIORITY_BOOST
  165. MAX_HOME_CMD_ID_TO_SAVE
  166. KR$
  167. KRl
  168. EVENTS
  169. OP_ID
  170. INFECTING_FLAME_ID
  171. KRl
  172. INFECTION_METHOD
  173. INFECTION_TIME
  174. KR,
  175. KR,
  176. CMD_HOME_IDS
  177. =JR
  178. TELEMETRY
  179. =JR
  180. =JR
  181. CNT
  182. <JR
  183. <JR
  184. <JR
  185. LAST_FLAME_TIME
  186. ?JR
  187. ?JR|
  188. ?JR
  189. LAST_DATE
  190. >JR
  191. >JR
  192. MAX_HOME_CMD_ID_TO_SAVE
  193. 9JR
  194. 9JR<
  195. 9JR
  196. JR68JR
  197. 8JR
  198. 8JR
  199. EVENTS
  200. 8JR
  201. 9JR
  202. 9JR
  203. OP_ID
  204. ;JR
  205. ;JR
  206. INFECTING_FLAME_ID
  207. :JR
  208. :JR
  209. :JR
  210. INFECTION_METHOD
  211. 5JR
  212. 5JR
  213. INFECTION_TIME
  214. 4JR
  215. 4JRD
  216. 4JR
  217. CMD_HOME_IDS
  218. 7JR
  219. 7JR
  220. TELEMETRY
  221. 7JR
  222. 6JR
  223. CNT
  224. 6JR
  225. 6JR4
  226. 6JR
  227. LAST_FLAME_TIME
  228. 1JR
  229. 1JR
  230. 1JR
  231. LAST_DATE
  232. 0JR
  233. 0JR
  234. MIN_STORAGE_PRIORITY
  235. MAX_STORAGE_PRIORITY
  236. FILE_SCANNER
  237. REJECTED_DIRECTORIES
  238. DIR
  239. MAX_VALUABLE_FILES
  240. NETWAIT
  241. MS-BROWSE
  242. SAGEWINDOWCLASS2
  243. SYSTEM AGENT COM WINDOW
  244. COMAGENTWORKER
  245. MANAGER
  246. FLAME_ID
  247. Global\Advapikdct8491
  248. Global\msstx32b98mtxntsl1142mtnt
  249. HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
  250. Console
  251. Software\Microsoft\Internet Explorer\LowRegistry
  252. StandardSize
  253. Global\Netapi4evt32
  254. HEADACHE
  255. BLOCKED_TRIGGER
  256. HNT
  257. CMD_HOME_IDS
  258. TELEMETRY
  259. CNT
  260. LAST_FLAME_TIME
  261. LAST_DATE
  262. MAX_HOME_CMD_ID_TO_SAVE
  263. EVENTS
  264. OP_ID
  265. INFECTING_FLAME_ID
  266. INFECTION_METHOD
  267. INFECTION_TIME
  268. SAGEWINDOWCLASS2
  269. SYSTEM AGENT COM WINDOW
  270. COMAGENTWORKER
  271. VOLUME_SUPPLIER
  272. VOLUME_SUPPLIER
  273. SUPPLIER_INTERVAL
  274. SUPPLIER_SHOULD_RUN
  275. root\cimv2
  276. TargetInstance
  277. DeviceID
  278. Description
  279. __CLASS
  280. SELECT * FROM __InstanceOperationEvent WITHIN %d WHERE TargetInstance ISA 'Win32_LogicalDisk'
  281. __InstanceCreationEvent
  282. __InstanceDeletionEvent
  283. select * from Win32_LogicalDisk
  284. LISTENER_CODE
  285. VIRTUAL_VOLUME_SUPPLIER
  286. NUM_MS_OF_DELAY
  287. PROGRAMS
  288. \\.\pipe\navssvcs
  289. explorer.exe
  290. Listener
  291. ntavsys4sevt32
  292. ntavsys5revt32
  293. VIRTUAL_VOLUME_SUPPLIER
  294. \\.\
  295. IDENTIFICATION_DATA
  296. PROCESS_NAME
  297. SHOULD_SEARCH_BY_DEVICE_NAME
  298. SHOULD_REGISTER_FOR_PNP
  299. SHOULD_RUN_IF_REGISTER_FAILS
  300. ALLOWED_DRIVE_TYPES
  301. CMD_HOME_IDS
  302. TELEMETRY
  303. CNT
  304. LAST_FLAME_TIME
  305. LAST_DATE
  306. MAX_HOME_CMD_ID_TO_SAVE
  307. EVENTS
  308. OP_ID
  309. INFECTING_FLAME_ID
  310. INFECTION_METHOD
  311. INFECTION_TIME
  312. SAGEWINDOWCLASS2
  313. SYSTEM AGENT COM WINDOW
  314. COMAGENTWORKER
  315. LeakFileConsumer
  316. LEAK_FILE_CONSUMER
  317. SHOULD_RUN
  318. TTL
  319. FILES_LIST
  320. FILE_NAME_TO_LEAK
  321. DEVICE_NAME
  322. PRIORITY
  323. START_FLAME_TIME
  324. HOME_ID
  325. CMD_HOME_IDS
  326. TELEMETRY
  327. CNT
  328. LAST_FLAME_TIME
  329. LAST_DATE
  330. MAX_HOME_CMD_ID_TO_SAVE
  331. EVENTS
  332. OP_ID
  333. INFECTING_FLAME_ID
  334. INFECTION_METHOD
  335. INFECTION_TIME
  336. SAGEWINDOWCLASS2
  337. SYSTEM AGENT COM WINDOW
  338. COMAGENTWORKER
  339. INSTALL
  340. UPGRADE_TYPE
  341. SHOULD_CLEAN_INSTALL
  342. DISTRIBUTION_NUMBER
  343. Global\msstx32kgvjd5982kvfj42jf3
  344. CMD_HOME_IDS
  345. TELEMETRY
  346. CNT
  347. LAST_FLAME_TIME
  348. LAST_DATE
  349. MAX_HOME_CMD_ID_TO_SAVE
  350. EVENTS
  351. OP_ID
  352. INFECTING_FLAME_ID
  353. INFECTION_METHOD
  354. INFECTION_TIME
  355. CMD_HOME_IDS
  356. TELEMETRY
  357. CNT
  358. LAST_FLAME_TIME
  359. LAST_DATE
  360. MAX_HOME_CMD_ID_TO_SAVE
  361. EVENTS
  362. OP_ID
  363. INFECTING_FLAME_ID
  364. INFECTION_METHOD
  365. INFECTION_TIME
  366. Dynamic01A9C21F
  367. audcache
  368. MAX_HOME_CMD_ID_TO_SAVE
  369. CNT
  370. DefaultEnvironment
  371. wavesup3.drv
  372. mssecmgr.ocx
  373. msapack.ocx
  374. wavesup3.dr0
  375. mssecmgr.dl0
  376. %CommonProgramFiles%\Microsoft Shared\MSAudio\
  377. %CommonProgramFiles%\Microsoft Shared\MSSecurityMgr\
  378. %CommonProgramFiles%\Microsoft Shared\MSAPackages\
  379. C:\WINDOWS\system32\
  380. C:\WINDOWS\system32\
  381. wpgfilter.dat
  382. mscrypt.dat
  383. wpgfilter.da0
  384. mscrypt.da0
  385. ssitable
  386. audcach0
  387. ssitabl0
  388. audfilter.dat
  389. rccache.dat
  390. audfilter.da1
  391. rccache.da1
  392. audfilter.da0
  393. rccache.da0
  394. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit
  395. TELEMETRY
  396. CMD_HOME_IDS
  397. Env,
  398. gs_8
  399. CMD_HOME_IDS
  400. Env,
  401. gs_<
  402. INFECTING_FLAME_ID
  403. Envl
  404. gs_>
  405. INFECTING_FLAME_ID
  406. LAST_DATE
  407. TCPConnectionEstablishedTrigger
  408. HEURISTIC_SELECTION_LINE_TYPE_XP
  409. BOOST_CONSUMER_PRIORITY_BOOST
  410. CMD_HOME_IDS
  411. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit
  412. Env
  413. gs_
  414. C:\Program Files\Common Files\Microsoft Shared\MSAudio\
  415. Env
  416. gs_
  417. C:\Program Files\Common Files\Microsoft Shared\MSAudio\
  418. HKIU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  419. Env
  420. gs_
  421. C:\Program Files\Common Files\Microsoft Shared\MSSecurityMgr\
  422. LAST_FLAME_TIME
  423. C:\Program Files\Common Files\Microsoft Shared\MSAPackages\
  424. EVENTS
  425. OP_ID
  426. INFECTION_METHOD
  427. INFECTION_TIME
  428. ATTACKS_LEFT
  429. KRT
  430. SHOULD_ATTACK_SCRIPT
  431. RAISE_HTTP_REQUEST_TRIGGERS
  432. KR4
  433. LUA_SCRIPT_TIMEOUT
  434. HTTP_LISTEN_PORT
  435. text/html
  436. KRL
  437. application/raw
  438. =JR
  439. =JR
  440. ClientIP
  441. =JR
  442. <JR
  443. UserAgent
  444. <JRL
  445. <JR
  446. Time
  447. ?JR
  448. ?JR
  449. /wpad.dat
  450. >JR
  451. >JR
  452. /view.php
  453. >JR4
  454. 9JR
  455. MUNCH
  456. 8JR|
  457. 8JR
  458. ADDRESS
  459. 8JR
  460. 8JR
  461. 9JR
  462. SHOULD_RUN
  463. JRn;JR
  464. ;JR$
  465. ;JR
  466. SLEEP_TIME
  467. ;JR
  468. :JR|
  469. :JR
  470. CHECK_WPAD
  471. JR::JR
  472. :JR
  473. 5JR
  474. ATTACKS_LEFT
  475. 5JR,
  476. 4JR
  477. SHOULD_ATTACK_SCRIPT
  478. 4JR
  479. 7JR
  480. RAISE_HTTP_REQUEST_TRIGGERS
  481. 77JR
  482. 6JR
  483. 6JR
  484. LUA_SCRIPT_TIMEOUT
  485. JR%6JR
  486. 1JRt
  487. 1JR
  488. HTTP_LISTEN_PORT
  489. 0JR
  490. 0JR
  491. text/html
  492. 0JR$
  493. 0JR
  494. application/raw
  495. 3JR
  496. 3JR
  497. 3JR
  498. ClientIP
  499. 2JR
  500. 2JR
  501. UserAgent
  502. -JR$
  503. -JR
  504. Time
  505. -JRl
  506. ,JR
  507. CMD_HOME_IDS
  508. ,JR
  509. /JR
  510. TELEMETRY
  511. /JR
  512. /JR
  513. CNT
  514. .JR
  515. .JR\
  516. .JR
  517. LAST_FLAME_TIME
  518. )JR
  519. )JR
  520. )JR
  521. LAST_DATE
  522. (JR
  523. (JR
  524. MAX_HOME_CMD_ID_TO_SAVE
  525. (JR
  526. +JR|
  527. +JR
  528. JRd+JR
  529. +JR
  530. *JR
  531. EVENTS
  532. *JR
  533. *JR
  534. *JR
  535. OP_ID
  536. %JR\
  537. %JR
  538. INFECTING_FLAME_ID
  539. $JR
  540. $JR
  541. $JR
  542. INFECTION_METHOD
  543. 'JR$
  544. 'JR
  545. INFECTION_TIME
  546. &JR
  547. &JR
  548. &JR
  549. mp=1
  550. &JR
  551. !JR
  552. ac=1
  553. !JR
  554. !JR
  555. BRIDGE_STG_PRIORITY
  556. JR
  557. JR|
  558. JR
  559. MUNCH
  560. #JR
  561. #JR
  562. ADDRESS
  563. #JR
  564. "JR
  565. "JR
  566. SHOULD_RUN
  567. JR2"JR
  568. JRl
  569. SLEEP_TIME
  570. JR^
  571. JR<
  572. TELEMETRY
  573. CNT
  574. LAST_FLAME_TIME
  575. LAST_DATE
  576. MAX_HOME_CMD_ID_TO_SAVE
  577. EVENTS
  578. OP_ID
  579. INFECTION_METHOD
  580. INFECTION_TIME
  581. TELEMETRY
  582. CNT
  583. LAST_FLAME_TIME
  584. LAST_DATE