Windows NT KAMIDAKI 10.0 build 19045 (Windows 10) AMD64
Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.3.9
Server IP : 192.168.3.16 & Your IP : 216.73.216.204
Domains :
Cant Read [ /etc/named.conf ]
User : SISTEMA
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
C: /
Program Files /
Windows Defender /
Delete
Unzip
Name
Size
Permission
Date
Action
Offline
[ DIR ]
drwxrwxrwx
2023-11-16 06:31
Platform
[ DIR ]
drwxrwxrwx
2022-09-17 02:18
en-US
[ DIR ]
drwxrwxrwx
2023-03-23 12:55
pt-BR
[ DIR ]
drwxrwxrwx
2021-10-06 15:39
AMMonitoringProvider.dll
200.88
KB
-rw-rw-rw-
2023-11-16 02:58
AmMonitoringInstall.mof
9.18
KB
-rw-rw-rw-
2019-12-07 10:08
AmStatusInstall.mof
20.51
KB
-rw-rw-rw-
2019-12-07 10:08
ClientWMIInstall.mof
2.4
KB
-rw-rw-rw-
2019-12-07 10:08
ConfigSecurityPolicy.exe
311.3
KB
-rwxrwxrwx
2019-12-07 10:08
DefenderCSP.dll
205.93
KB
-rw-rw-rw-
2019-12-07 10:08
EppManifest.dll
716.02
KB
-rw-rw-rw-
2019-12-07 10:08
FepUnregister.mof
361
B
-rw-rw-rw-
2019-12-07 10:08
MpAsDesc.dll
93.88
KB
-rw-rw-rw-
2023-11-16 02:58
MpAzSubmit.dll
1.35
MB
-rw-rw-rw-
2019-12-07 10:08
MpClient.dll
920.43
KB
-rw-rw-rw-
2019-12-07 10:08
MpCmdRun.exe
457.15
KB
-rwxrwxrwx
2019-12-07 10:08
MpCommu.dll
323.93
KB
-rw-rw-rw-
2019-12-07 10:08
MpEvMsg.dll
128.52
KB
-rw-rw-rw-
2019-12-07 10:08
MpOAV.dll
262.42
KB
-rw-rw-rw-
2019-12-07 10:08
MpProvider.dll
188.97
KB
-rw-rw-rw-
2023-11-16 02:58
MpRtp.dll
872.43
KB
-rw-rw-rw-
2019-12-07 10:08
MpSvc.dll
2.27
MB
-rw-rw-rw-
2019-12-07 10:08
MsMpCom.dll
89.38
KB
-rw-rw-rw-
2023-11-16 02:58
MsMpEng.exe
100.96
KB
-rwxrwxrwx
2019-12-07 10:08
MsMpLics.dll
12.92
KB
-rw-rw-rw-
2019-12-07 10:08
MsMpRes.dll
11.98
KB
-rw-rw-rw-
2023-11-16 02:58
NisSrv.exe
2.86
MB
-rwxrwxrwx
2019-12-07 10:08
ProtectionManagement.dll
678.93
KB
-rw-rw-rw-
2019-12-07 10:08
ProtectionManagement.mof
32.19
KB
-rw-rw-rw-
2019-12-07 10:08
ProtectionManagement_Uninstall.mof
2.51
KB
-rw-rw-rw-
2019-12-07 10:08
ThirdPartyNotices.txt
1.07
KB
-rw-rw-rw-
2019-12-07 10:08
shellext.dll
328.48
KB
-rw-rw-rw-
2023-11-16 02:58
Save
Rename
// AmMonitoringInstall.mof : mof source for Malware class // // Copyright (c) Microsoft Corporation. All rights reserved. // // This file will be processed by MOFCOMP utility to // register the provider with the WMI repository. // #pragma autorecover #pragma namespace ("\\\\.\\root\\Microsoft\\SecurityClient") //////////////////////////////////////////////////////// // Declare WMI class : Malware //////////////////////////////////////////////////////// [ Description("Describes malware detected by Forefront Antimalware"): ToInstance ToSubClass, dynamic: DisableOverride ToInstance, provider("AntimalwareMonitoringProvider"): ToInstance ToSubClass ] class Malware: SerializableToXml { string SchemaVersion = "1.0.0.0"; // derived from SerializableToXml [ Description("Detection time in the Round-Trip Format"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string DetectionTime; [ Description("Action Time in the Round-Trip Format"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string ActionTime; [ Description("Version of the security client"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string ProductVersion; [ Description("Unique Detection ID (GUID)"): ToInstance ToSubClass, read: ToInstance ToSubClass, key ] string DetectionID; [ Description("How was the malware detected (Enumeration)? RTP/Scheduled Scan/..."): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9"}, Values {"Unknown", "User", "System", "Realtime", "IOAV", "NIS", "BHO", "ELAM", "LocalAttestation", "RemoteAttestation"} ] uint8 DetectionSource; [ Description("Pending actions (bit flags indicating reboot/full scan/manual steps required)"): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap { "0", "4", "8", "12", "16", "20", "24", "28", "32768", "32772", "32776", "32780", "32784", "32788", "32792", "32796" }, Values { "None", "FullScanRequired", "RebootRequired", "FullScanAndRebootRequired", "ManualStepsRequired", "FullScanAndManualStepsRequired", "RebootAndManualStepsRequired", "FullScanAndRebootAndManualStepsRequired", "OfflineScanRequired", "FullScanAndOfflineScanRequired", "RebootAndOfflineScanRequired", "FullScanAndRebootAndOfflineScanRequired", "ManualStepsAndOfflineScanRequired", "FullScanAndManualStepsAndOfflineScanRequired", "RebootAndManualStepsAndOfflineScanRequired", "FullScanAndRebootAndManualStepsAndOfflineScanRequired" } ] uint32 PendingActions; [ Description("Infected process"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string Process; [ Description("Domain hosting the user"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string Domain = "Domain"; [ Description("User account hosting the infected process"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string User; [ Description("Name of the threat"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string ThreatName; [ Description("Threat ID - Enumeration"): ToInstance ToSubClass, read: ToInstance ToSubClass ] sint64 ThreatID; [ Description("Severity ID - Enumeration"): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap {"0", "1", "2", "4", "5"}, Values {"Unknown", "Low", "Moderate", "High", "Severe"} ] uint8 SeverityID; [ Description("Category ID - Enumeration"): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap { "0", "1", "2", "3", "4", "5", "6", "7," "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30", "31", "32", "33", "34", "36", "37", "38", "39", "40", "42", "43", "44", "45", "46", "47", "48" }, Values { "INVALID", "ADWARE", "SPYWARE", "PASSWORDSTEALER", "TROJANDOWNLOADER", "WORM", "BACKDOOR", "REMOTEACCESSTROJAN", "TROJAN", "EMAILFLOODER", "KEYLOGGER", "DIALER", "MONITORINGSOFTWARE", "BROWSERMODIFIER", "COOKIE", "BROWSERPLUGIN", "AOLEXPLOIT", "NUKER", "SECURITYDISABLER", "JOKEPROGRAM", "HOSTILEACTIVEXCONTROL", "SOFTWAREBUNDLER", "STEALTHNOTIFIER", "SETTINGSMODIFIER", "TOOLBAR", "REMOTECONTROLSOFTWARE", "TROJANFTP", "POTENTIALUNWANTEDSOFTWARE", "ICQEXPLOIT", "TROJANTELNET", "FILESHARINGPROGRAM", "MALWARE_CREATION_TOOL", "REMOTE_CONTROL_SOFTWARE", "TOOL", "TROJAN_DENIALOFSERVICE", "TROJAN_DROPPER", "TROJAN_MASSMAILER", "TROJAN_MONITORINGSOFTWARE", "TROJAN_PROXYSERVER", "VIRUS", "KNOWN", "UNKNOWN", "SPP", "BEHAVIOR", "VULNERABILTIY", "POLICY" } ] uint8 CategoryID; [ Description("Path to infected resource"): ToInstance ToSubClass, read: ToInstance ToSubClass ] string Path; [ Description("Cleaning Action - Enumeration"): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap { "0", "1", "2", "3", "6", "8", "9", "10" }, Values { "UNKNOWN", "CLEAN", "QUARANTINE", "REMOVE", "ALLOW", "USERDEFINED", "NOACTION", "BLOCK" } ] uint8 CleaningAction; [ Description("What happened to the malware? (Enumeration)? Blocked/Allowed/Executing/..."): ToInstance ToSubClass, read: ToInstance ToSubClass, ValueMap {"0", "1", "2", "3", "4"}, Values {"Unknown", "Blocked", "Allowed", "Executing", "NotExecuting"} ] uint8 ExecutionStatus; [ Description("Was the cleaning action successful?"): ToInstance ToSubClass, read: ToInstance ToSubClass ] boolean ActionSuccess; [ Description("Error code if cleaning action failed"): ToInstance ToSubClass, read: ToInstance ToSubClass ] sint32 ErrorCode; }; //////////////////////////////////////////////////////// // instance of the provider class //////////////////////////////////////////////////////// instance of Win32_ProviderEx as $AntimalwareMonitoringProvider { Name = "AntimalwareMonitoringProvider"; //Name is the key property for __Provider objects. //vendor|provider|version is the suggested format //to prevent name collisions. ClsId = "{DACA056E-216A-4FD1-84A6-C306A017ECEC}" ; //provider GUID DefaultMachineName = NULL; //NULL for local machine ClientLoadableCLSID = NULL; //reserved ImpersonationLevel = 1; //reserved InitializationReentrancy = 0; //Set of flags that provide information about serialization: //0 = all initialization of this provider must be serialized //1 = all initializations of this provider in the same namespace must be serialized //2 = no initialization serialization is necessary InitializeAsAdminFirst = FALSE; //Request to be fully initialized as "Admin" before //initializations begin for users PerLocaleInitialization = FALSE; //Indicates whether the provider is initialized for each //locale if a user connects to the same namespace more //than once using different locales. PerUserInitialization = TRUE; //Indicates whether the provider is initialized once for each actual //Windows NT/Windows 2000 NTLM user making requests of the provider. //If set to FALSE, the provider is initialized once for all users Pure = TRUE; //A pure provider exists only to service requests from //applications and WMI. Most providers are pure providers. //Non-pure providers transition to the role of client after they have //finished servicing requests. UnloadTimeout = NULL; //Currently ignored //Use __CacheControl class in the root namespace to control provider unloading. //A string in the DMTF date/time format that specifies how long WMI //allows the provider to remain idle before it is unloaded. } ; //////////////////////////////////////////////////////// // registration of the instance of the provider class //////////////////////////////////////////////////////// instance of __InstanceProviderRegistration { Provider = $AntimalwareMonitoringProvider; SupportsPut = "FALSE"; SupportsGet = "FALSE"; SupportsDelete = "FALSE"; SupportsEnumeration = "TRUE"; };