select * from file where path in ('/usr/share/.home*', '/usr/share/.home*/tty', '/etc/host.ph1', '/bin/host.ph1');

select * from registry where key='HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope'

select * from registry where key like 'HKEY_USERS\%\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\PolicyScope'

select * from portage_packages;

select * from launchd where name = 'PremierOpinion.plist' or name = 'PremierOpinionAgent.plist';

select * from process_envs;

select * from process_memory_map;

select * from launchd where name = 'pronto.notification.plist' or name = 'pronto.update.plist';

select * from registry where path like 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\Default\%' AND name IN ('WeakSha1ThirdPartyFlags','WeakMd5ThirdPartyFlags') AND type = 'REG_DWORD' AND data not like '-2%';

select * from launchd where name = 'com.apple.PubSabAgent.plist';