Windows NT DGPENSV2LPKMN 10.0 build 14393 (Windows Server 2016) AMD64
Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.25
: 172.16.0.66 | : 172.16.0.254
Cant Read [ /etc/named.conf ]
7.3.25
SYSTEM
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
BLACK DEFEND!
README
+ Create Folder
+ Create File
[ A ]
[ C ]
[ D ]
C: /
Program Files /
Windows Defender /
[ HOME SHELL ]
Name
Size
Permission
Action
en-US
[ DIR ]
drwxrwxrwx
platform
[ DIR ]
drwxrwxrwx
AMMonitoringProvider.dll
184.5
KB
-rw-rw-rw-
AmMonitoringInstall.mof
9.18
KB
-rw-rw-rw-
AmStatusInstall.mof
20.51
KB
-rw-rw-rw-
ClientWMIInstall.mof
2.4
KB
-rw-rw-rw-
ConfigSecurityPolicy.exe
299
KB
-rwxrwxrwx
DataLayer.dll
219
KB
-rw-rw-rw-
DbgHelp.dll
1.44
MB
-rw-rw-rw-
Defendericon.png
759
B
-rw-rw-rw-
EppManifest.dll
707.5
KB
-rw-rw-rw-
FepUnregister.mof
361
B
-rw-rw-rw-
MSASCui.exe
1.24
MB
-rwxrwxrwx
MSASCuiL.exe
617
KB
-rwxrwxrwx
MpAsDesc.dll
84.5
KB
-rw-rw-rw-
MpAzSubmit.dll
2.51
MB
-rw-rw-rw-
MpClient.dll
906.5
KB
-rw-rw-rw-
MpCmdRun.exe
367.77
KB
-rwxrwxrwx
MpCommu.dll
326.5
KB
-rw-rw-rw-
MpEvMsg.dll
110.5
KB
-rw-rw-rw-
MpOAV.dll
99.5
KB
-rw-rw-rw-
MpProvider.dll
174
KB
-rw-rw-rw-
MpRtp.dll
514
KB
-rw-rw-rw-
MpSvc.dll
1.91
MB
-rw-rw-rw-
MpUXSrv.exe
81.27
KB
-rwxrwxrwx
MsMpCom.dll
74.5
KB
-rw-rw-rw-
MsMpEng.exe
94.36
KB
-rwxrwxrwx
MsMpLics.dll
4.5
KB
-rw-rw-rw-
MsMpRes.dll
426
KB
-rw-rw-rw-
MsMpResL.dll
2.5
KB
-rw-rw-rw-
NisLog.dll
52
KB
-rw-rw-rw-
NisSrv.exe
330.95
KB
-rwxrwxrwx
NisWfp.dll
64.5
KB
-rw-rw-rw-
ProtectionManagement.dll
538.5
KB
-rw-rw-rw-
ProtectionManagement.mof
56.08
KB
-rw-rw-rw-
ProtectionManagement_Uninstall...
2.51
KB
-rw-rw-rw-
SymSrv.dll
153.19
KB
-rw-rw-rw-
SymSrv.yes
1
B
-rw-rw-rw-
ThirdPartyNotices.txt
1.07
KB
-rw-rw-rw-
mpuxhostproxy.dll
12.5
KB
-rw-rw-rw-
shellext.dll
315.5
KB
-rw-rw-rw-
Delete
Unzip
Zip
${this.title}
Close
Code Editor : AmMonitoringInstall.mof
// AmMonitoringInstall.mof : mof source for Malware class // // Copyright (c) Microsoft Corporation. All rights reserved. // // This file will be processed by MOFCOMP utility to // register the provider with the WMI repository. // #pragma autorecover #pragma namespace ("\\\\.\\root\\Microsoft\\SecurityClient") //////////////////////////////////////////////////////// // Declare WMI class : Malware //////////////////////////////////////////////////////// [ Description("Describes malware detected by Forefront Antimalware"): ToInstance ToSubClass, dynamic: DisableOverride ToInstance, provider("AntimalwareMonitoringProvider"): ToInstance ToSubClass ] class Malware: SerializableToXml { string SchemaVersion = "1.0.0.0"; // derived from SerializableToXml [ Description("Detection time in the Round-Trip Format"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string DetectionTime; [ Description("Action Time in the Round-Trip Format"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string ActionTime; [ Description("Version of the security client"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string ProductVersion; [ Description("Unique Detection ID (GUID)"): ToInstance ToSubClass, read: ToInstance ToSubClass, key ] string DetectionID; [ Description("How was the malware detected (Enumeration)? RTP/Scheduled Scan/..."): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9"}, Values {"Unknown", "User", "System", "Realtime", "IOAV", "NIS", "BHO", "ELAM", "LocalAttestation", "RemoteAttestation"} ] uint8 DetectionSource; [ Description("Pending actions (bit flags indicating reboot/full scan/manual steps required)"): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap { "0", "4", "8", "12", "16", "20", "24", "28", "32768", "32772", "32776", "32780", "32784", "32788", "32792", "32796" }, Values { "None", "FullScanRequired", "RebootRequired", "FullScanAndRebootRequired", "ManualStepsRequired", "FullScanAndManualStepsRequired", "RebootAndManualStepsRequired", "FullScanAndRebootAndManualStepsRequired", "OfflineScanRequired", "FullScanAndOfflineScanRequired", "RebootAndOfflineScanRequired", "FullScanAndRebootAndOfflineScanRequired", "ManualStepsAndOfflineScanRequired", "FullScanAndManualStepsAndOfflineScanRequired", "RebootAndManualStepsAndOfflineScanRequired", "FullScanAndRebootAndManualStepsAndOfflineScanRequired" } ] uint32 PendingActions; [ Description("Infected process"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string Process; [ Description("Domain hosting the user"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string Domain = "Domain"; [ Description("User account hosting the infected process"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string User; [ Description("Name of the threat"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string ThreatName; [ Description("Threat ID - Enumeration"): ToInstance ToSubClass, read: ToInstance ToSubClass ] sint64 ThreatID; [ Description("Severity ID - Enumeration"): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap {"0", "1", "2", "4", "5"}, Values {"Unknown", "Low", "Moderate", "High", "Severe"} ] uint8 SeverityID; [ Description("Category ID - Enumeration"): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap { "0", "1", "2", "3", "4", "5", "6", "7," "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30", "31", "32", "33", "34", "36", "37", "38", "39", "40", "42", "43", "44", "45", "46", "47", "48" }, Values { "INVALID", "ADWARE", "SPYWARE", "PASSWORDSTEALER", "TROJANDOWNLOADER", "WORM", "BACKDOOR", "REMOTEACCESSTROJAN", "TROJAN", "EMAILFLOODER", "KEYLOGGER", "DIALER", "MONITORINGSOFTWARE", "BROWSERMODIFIER", "COOKIE", "BROWSERPLUGIN", "AOLEXPLOIT", "NUKER", "SECURITYDISABLER", "JOKEPROGRAM", "HOSTILEACTIVEXCONTROL", "SOFTWAREBUNDLER", "STEALTHNOTIFIER", "SETTINGSMODIFIER", "TOOLBAR", "REMOTECONTROLSOFTWARE", "TROJANFTP", "POTENTIALUNWANTEDSOFTWARE", "ICQEXPLOIT", "TROJANTELNET", "FILESHARINGPROGRAM", "MALWARE_CREATION_TOOL", "REMOTE_CONTROL_SOFTWARE", "TOOL", "TROJAN_DENIALOFSERVICE", "TROJAN_DROPPER", "TROJAN_MASSMAILER", "TROJAN_MONITORINGSOFTWARE", "TROJAN_PROXYSERVER", "VIRUS", "KNOWN", "UNKNOWN", "SPP", "BEHAVIOR", "VULNERABILTIY", "POLICY" } ] uint8 CategoryID; [ Description("Path to infected resource"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string Path; [ Description("Cleaning Action - Enumeration"): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap { "0", "1", "2", "3", "6", "8", "9", "10" }, Values { "UNKNOWN", "CLEAN", "QUARANTINE", "REMOVE", "ALLOW", "USERDEFINED", "NOACTION", "BLOCK" } ] uint8 CleaningAction; [ Description("What happened to the malware? (Enumeration)? Blocked/Allowed/Executing/..."): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap {"0", "1", "2", "3", "4"}, Values {"Unknown", "Blocked", "Allowed", "Executing", "NotExecuting"} ] uint8 ExecutionStatus; [ Description("Was the cleaning action successful?"): ToInstance ToSubClass, read: ToInstance ToSubClass ] boolean ActionSuccess; [ Description("Error code if cleaning action failed"): ToInstance ToSubClass, read: ToInstance ToSubClass ] sint32 ErrorCode; }; //////////////////////////////////////////////////////// // instance of the provider class //////////////////////////////////////////////////////// instance of Win32_ProviderEx as $AntimalwareMonitoringProvider { Name = "AntimalwareMonitoringProvider"; //Name is the key property for __Provider objects. //vendor|provider|version is the suggested format //to prevent name collisions. ClsId = "{DACA056E-216A-4FD1-84A6-C306A017ECEC}" ; //provider GUID DefaultMachineName = NULL; //NULL for local machine ClientLoadableCLSID = NULL; //reserved ImpersonationLevel = 1; //reserved InitializationReentrancy = 0; //Set of flags that provide information about serialization: //0 = all initialization of this provider must be serialized //1 = all initializations of this provider in the same namespace must be serialized //2 = no initialization serialization is necessary InitializeAsAdminFirst = FALSE; //Request to be fully initialized as "Admin" before //initializations begin for users PerLocaleInitialization = FALSE; //Indicates whether the provider is initialized for each //locale if a user connects to the same namespace more //than once using different locales. PerUserInitialization = TRUE; //Indicates whether the provider is initialized once for each actual //Windows NT/Windows 2000 NTLM user making requests of the provider. //If set to FALSE, the provider is initialized once for all users Pure = TRUE; //A pure provider exists only to service requests from //applications and WMI. Most providers are pure providers. //Non-pure providers transition to the role of client after they have //finished servicing requests. UnloadTimeout = NULL; //Currently ignored //Use __CacheControl class in the root namespace to control provider unloading. //A string in the DMTF date/time format that specifies how long WMI //allows the provider to remain idle before it is unloaded. } ; //////////////////////////////////////////////////////// // registration of the instance of the provider class //////////////////////////////////////////////////////// instance of __InstanceProviderRegistration { Provider = $AntimalwareMonitoringProvider; SupportsPut = "FALSE"; SupportsGet = "FALSE"; SupportsDelete = "FALSE"; SupportsEnumeration = "TRUE"; };
Close
