- %SystemRoot%\SysWOW64\xwizard.exe
- .dat
- kernelbase.dll
- WBJ_IGNORE
- mpr.dll
- %SystemRoot%\explorer.exe
- %SystemRoot%\System32\CertEnrollCtrl.exe
- https
- SentinelServiceHost.exe;SentinelStaticEngine.exe;SentinelAgent.exe;SentinelStaticEngineScanner.exe;SentinelUI.exe
- open
- root\SecurityCenter2
- %SystemRoot%\SysWOW64\SndVol.exe
- %u.%u.%u.%u.%u.%u.%04x
- 1234567890
- %SystemRoot%\System32\Utilman.exe
- snxhk_border_mywnd
- %SystemRoot%\SysWOW64\wextract.exe
- avgcsrvx.exe;avgsvcx.exe;avgcsrva.exe
- Win32_PhysicalMemory
- Caption
- ByteFence.exe
- aswhooka.dll
- dwengine.exe;dwarkdaemon.exe;dwwatcher.exe
- %SystemRoot%\SysWOW64\grpconv.exe
- VRTUAL;VMware;VMW;Xen
- SELECT * FROM AntiVirusProduct
- %s\%08X.dll
- wininet.dll
- avp.exe;kavtray.exe
- rundll32.exe
- Create
- WQL
- %SystemRoot%\System32\sethc.exe
- AvastSvc.exe;aswEngSrv.exe;aswToolsSvc.exe;afwServ.exe;aswidsagent.exe;AvastUI.exe
- Software\Classes
- vkise.exe;isesrv.exe;cmdagent.exe
- LastBootUpTime
- MS_VM_CERT;VMware;Virtual Machine
- Winsta0
- .dll
- Caption,Description,DeviceID,Manufacturer,Name,PNPDeviceID,Service,Status
- SonicWallClientProtectionService.exe;SWDash.exe
- t=%s time=[%02d:%02d:%02d-%02d/%02d/%d]
- SystemRoot
- CommandLine
- %SystemRoot%\SysWOW64\explorer.exe
- SOFTWARE\Wow6432Node\Microsoft AntiMalware\SpyNet
- %s\system32\
- SELECT * FROM Win32_OperatingSystem
- wbj.go
- System32
- CynetEPS.exe;CynetMS.exe;CynetConsole.exe
- C:\INTERNAL\__empty
- cmd.exe
- SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- */*
- MsMpEng.exe
- image/pjpeg
- {%02X%02X%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X%02X%02X%02X%02X}
- urlmon.dll
- type=0x%04X
- TRUE
- Win32_ComputerSystem
- %SystemRoot%\System32\backgroundTaskHost.exe
- ALLUSERSPROFILE
- .exe
- \\.\pipe\
- advapi32.dll
- application/x-shockwave-flash
- %ProgramFiles%\Windows Media Player\wmplayer.exe
- ntdll.dll
- %SystemRoot%\SysWOW64\Utilman.exe
- CfGetPlatformInfo
- userenv.dll
- LocalLow
- FALSE
- coreServiceShell.exe;PccNTMon.exe;NTRTScan.exe
- Sophos UI.exe;SophosUI.exe;SAVAdminService.exe;SavService.exe
- image/jpeg
- image/gif
- displayName
- Name
- Win32_PnPEntity
- .cfg
- APPDATA
- winsta0\default
- %SystemRoot%\SysWOW64\CertEnrollCtrl.exe
- %SystemRoot%\SysWOW64\backgroundTaskHost.exe
- pstorec.dll
- RepUx.exe
- aaebcdeeifghiiojklmnooupqrstuuyvwxyyaz
- \sf2.dll
- %SystemRoot%\System32\dxdiag.exe
- CSFalconService.exe;CSFalconContainer.exe
- vbs
- WRSA.exe
- crypt32.dll
- setupapi.dll
- c:\saurufdifsdudqat.sys
- %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
- netapi32.dll
- SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths
- VMware;PROD_VIRTUAL_DISK;VIRTUAL-DISK;XENSRC;20202020
- %SystemRoot%\System32\grpconv.exe
- SpyNetReporting
- wtsapi32.dll
- wpcap.dll
- Packages
- %SystemRoot%\explorer.exe
- regsvr32.exe
- aswhookx.dll
- Content-Type: application/x-www-form-urlencoded
- %SystemRoot%\SysWOW64\SearchIndexer.exe
- %SystemRoot%\SysWOW64\AtBroker.exe
- %SystemRoot%\System32\WerFault.exe
- SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
- vmnat.exe
- SubmitSamplesConsent
- SysWOW64
- shell32.dll
- wmic process call create 'expand "%S" "%S"'
- ROOT\CIMV2
- Win32_Product
- LOCALAPPDATA
- %SystemRoot%\SysWOW64\mobsync.exe
- ws2_32.dll
- WScript.Sleep %u
- Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\%coot\cimv2")
- Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")
- errReturn = objProcess.Create("%s", null, nul, nul)
- WSCript.Sleep 2000
- Set fso = CreateObject("Scripting.FileSystemObject")
- fso.DeleteFile("%s")
- bcrypt.dll
- SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Spynet
- abcdefghijklmnopqrstuvwxyz
- fshoster32.exe
- %SystemRoot%\System32\SearchIndexer.exe
- reg.exe ADD "HKLM\%s" /f /t %s /v "%s" /d "%s"
- Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\%coot\cimv2")
- Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")
- errReturn = objProcess.Create("%s", null, nul, nul)
- gdi32.dll
- Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\%coot\cimv2")
- Set colFiles = objWMIService.ExecQuery("Select * From CIM_DataFile Where Name = '%s'")
- For Each objFile in colFiles
- objFile.Copy("%s")
- Next
- Win32_Process
- SELECT * FROM Win32_Processor
- user32.dll
- Win32_Bios
- %SystemRoot%\SysWOW64\explorer.exe
- MBAMService.exe;mbamgui.exe
- %SystemRoot%\SysWOW64\mspaint.exe
- frida-winjector-helper-32.exe;frida-winjector-helper-64.exe;tcpdump.exe;windump.exe;ethereal.exe;wireshark.exe;ettercap.exe;rtsniff.exe;packetcapture.exe;capturenet.exe;qak_proxy;dumpcap.exe;CFF Explorer.exe;not_rundll32.exe;ProcessHacker.exe;tcpview.exe;filemon.exe;procmon.exe;idaq64.exe;loaddll32.exe;PETools.exe;ImportREC.exe;LordPE.exe;SysInspector.exe;proc_analyzer.exe;sysAnalyzer.exe;sniff_hit.exe;joeboxcontrol.exe;joeboxserver.exe;ResourceHacker.exe;x64dbg.exe;Fiddler.exe;sniff_hit.exe;sysAnalyzer.exe;BehaviorDumper.exe;processdumperx64.exe;anti-virus.EXE;sysinfoX64.exe;sctoolswrapper.exe;sysinfoX64.exe;FakeExplorer.exe;apimonitor-x86.exe;idaq.exe;dumper64.exe;user_imitator.exe;Velociraptor.exe
- %SystemRoot%\System32\wextract.exe
- egui.exe;ekrn.exe
- select
- %SystemRoot%\System32\wermgr.exe
- iphlpapi.dll
- SOFTWARE\Microsoft\Windows Defender\SpyNet
- %SystemRoot%\SysWOW64\dxdiag.exe
- %SystemRoot%\SysWOW64\WerFault.exe
- %SystemRoot%\System32\AtBroker.exe
- %SystemRoot%\SysWOW64\sethc.exe
- %S.%06d
- c:\\
- S:(ML;;NW;;;LW)
- fmon.exe
- %SystemRoot%\System32\xwizard.exe
- cscript.exe
- Initializing database...
- xagtnotif.exe;AppUIMonitor.exe
- %ProgramFiles%\Internet Explorer\iexplore.exe
- Win32_DiskDrive
- aabcdeefghiijklmnoopqrstuuvwxyyz
- %SystemRoot%\System32\mobsync.exe
- %SystemRoot%\SysWOW64\wermgr.exe
- kernel32.dll
- %SystemRoot%\System32\mspaint.exe
- bdagent.exe;vsserv.exe;vsservppl.exe
- SOFTWARE\Microsoft\Microsoft AntiMalware\SpyNet
- Caption,Description,Vendor,Version,InstallDate,InstallSource,PackageName
- NTUSER.DAT
- ccSvcHst.exe;NortonSecurity.exe;nsWscSvc.exe
- from
- mcshield.exe
- %SystemRoot%\System32\SndVol.exe
- VMware;VMW;QEMU
- QEMU;VMware Pointing;VMware Accelerated;VMware SCSI;VMware SVGA;VMware Replay;VMware server memory;VirtualBox;CWSandbox;Virtual HD;QEMU;VirtIO;srootkit;vSockets;VBoxVideo;vmxnet;vmscsi;VMAUDIO;vmdebug;vm3dmp;vmrawdsk;vmx_svga;ansfltr;sbtisht;XENVIF;XENBUS;XENSRC;XENCLASS
- shlwapi.dll
- csc_ui.exe
- CrAmTray.exe
- Mozilla/5.0 (Windows NT 6.1; rv:77.0) Gecko/20100101 Firefox/77.0
- %ProgramFiles(x86)%\Internet Explorer\iexplore.exe