ArizonaMilitia

The Windows XP spy machine - CCleaner Cache Exposed

Aug 11th, 2015
  1. The Windows XP spy machine - CCleaner Cache Exposed
  2.  
  3.  
  4. Here it is folks - the Windows XP spy machine - CCleaner_Cache_Exposed
  5.  
  6.  
  7. Windows XP Hidden Cache (Updated)
  8.  
  9.  
  10.  
  11. This was a copy taken from modified CCleaner
  12. registry. If installed, you can find it within
  13. HKEY_CURRENT_USER\Software\Piriform\CCleaner
  14. using regedit.exe from C:\WINDOWS
  15.  
  16. Owner = whatever user name you have. Mine is “Owner”
  17.  
  18. Note: Mozilla “.default” ID censored due
  19. to security. The full path remains exposed.
  20. Every Mozilla Firefox user has a different
  21. .default ID, so consider it xxxxxxxx.default
  22. - the paths shown are what you need to know.
  23.  
  24. C:\Program Files\Mozilla Firefox\
  25. updater.exe"C:\Program Files\Mozilla Firefox\
  26. updater.ini"C:\Program Files\Mozilla Firefox\
  27. update.locale"C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\
  28. brndlog.bak"C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\
  29. brndlog.txt"C:\Documents and Settings\Default User\Cookies\
  30. index.dat"C:\Documents and Settings\Default User\Local Settings\
  31. History"C:\Documents and Settings\Default User\Local Settings\History\History.IE5\
  32. *.*"C:\Documents and Settings\Default User\Local Settings\Temp\
  33. *.*"C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\
  34. *.*"C:\Documents and Settings\Default User\NetHood\
  35. *.*"C:\Documents and Settings\Default User\Cookies\
  36. *.*"C:\Documents and Settings\Owner\Recent\
  37. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\OfflineCache\
  38. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\
  39. *.*"C:\Program Files\Mozilla Firefox\components\
  40. nsSessionStore.js"C:\Program Files\Mozilla Firefox\components\
  41. aboutSessionRestore.js"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds\
  42. *.*"C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\
  43. *.*"C:\Documents and Settings\All Users\Application Data\MFAData\
  44. *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\bookmarkbackups\
  45. *.*"C:\Documents and Settings\Owner\Favorites\Microsoft Websites\
  46. *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\
  47. *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP\
  48. *.*"C:\Documents and Settings\Default User\Recent\
  49. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\
  50. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\OfflineCache\
  51. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\updates\
  52. *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\
  53. *.*"C:\Program Files\Mozilla Firefox\searchplugins\
  54. *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\
  55. extensions.cache"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\
  56. cookies.sqlite"C:\Program Files\Mozilla Firefox\components\
  57. nsUpdateService.js"C:\Program Files\Mozilla Firefox\components\
  58. nsUrlClassifierLib.js"C:\Program Files\Mozilla Firefox\components\
  59. nsUrlClassifierListManager.js"C:\Documents and Settings\Owner\Local Settings\Temp\
  60. *.*"C:\Documents and Settings\Owner\
  61. avgui.log"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\
  62. XPC.mfl"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\
  63. XUL.mfl"C:\Program Files\Mozilla Firefox\components\
  64. nsFormAutoComplete.js"C:\Program Files\Mozilla Firefox\components\
  65. GPSDGeolocationProvider.js"C:\Program Files\Mozilla Firefox\components\
  66. nsPlacesAutoComplete.js"C:\Documents and Settings\Owner\Application Data\.purple\logs\
  67. *.*"C:\Documents and Settings\Default User\Templates\
  68. *.*"C:\Documents and Settings\Owner\
  69. .recently-used.xbel"C:\Documents and Settings\Owner\Local Settings\Temp\
  70. ~DF2AA8.tmp"C:\Documents and Settings\Owner\Local Settings\Temp\
  71. nss61.tmp"C:\Documents and Settings\Owner\Local Settings\Temp\nsx62.tmp\
  72. i"C:\Documents and Settings\Owner\Local Settings\Temp\nsx62.tmp\
  73. D"C:\Program Files\Mozilla Firefox\extensions\
  74. *.*"C:\Program Files\Mozilla Firefox\chrome\
  75. pippki.jar"C:\Program Files\Mozilla Firefox\chrome\
  76. pippki.manifest"
  77. C:\Documents and Settings\Owner\Local Settings\Temp\WER896d.dir00\"C:\Documents and Settings\Owner\Local Settings\Temp\
  78. ~DFD751.tmp"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\
  79. urlclassifier3.sqlite"C:\Documents and Settings\Owner\Local Settings\Temp\WERe82a.dir00\
  80. *.*"C:\Documents and Settings\Owner\Local Settings\Temp\WERec2d.dir00\
  81. *.*"C:\Documents and Settings\All Users\Application Data\AVG2012\SetupBackup\
  82. Emailsx.cab"C:\Documents and Settings\All Users\Application Data\AVG2012\SetupBackup\
  83. *.*"C:\C:\WINDOWS\system32\
  84. netdde.exe"C:\Documents and Settings\Owner\Application Data\Identities\{1F25A10D-203D-4411-9884-6CBBA98EB1EE}\
  85. *.*"C:\Documents and Settings\Owner\Desktop\
  86. wiaservc.dll"C:\Documents and Settings\Owner\Local Settings\Application Data\4kdownload.com\
  87. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\
  88. IconCache.db"C:\Documents and Settings\Owner\Local Settings\Application Data\
  89. GDIPFONTCACHEV1.DAT"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\
  90. *.*"C:\Documents and Settings\Owner\My Documents\SnowFox Total Video Converter\
  91. *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\
  92. secmod.db"C:\Documents and Settings\Owner\Local Settings\Application Data\Xilisoft\Online Video Downloader\
  93. *.*"C:\WINDOWS\l2schemas\
  94. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Infacta\GroupMail\
  95. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\MPlayer\
  96. *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\
  97. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\
  98. MSIMGSIZ.DAT"C:\Documents and Settings\Default User\Application Data\Microsoft\Media Player\
  99. *.*"C:\WINDOWS\system32\
  100. mnmsrvc.exe"C:\Documents and Settings\Owner\Application Data\SumatraPDF\
  101. *.*"C:\Documents and Settings\Owner\IECompatCache\
  102. *.*"C:\Documents and Settings\Owner\IETld\
  103. *.*"C:\Documents and Settings\Owner\PrivacIE\
  104. *.*"C:\Documents and Settings\Owner\Temporary Internet Files\
  105. *.*"C:\Documents and Settings\Owner\Feeds Cache\Local Settings\Application Data\Microsoft\Feeds Cache\
  106. *.*"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\
  107. *.*"C:\Documents and Settings\NetworkService\Cookies\
  108. *.*"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\
  109. *.*"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\
  110. *.*"C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\
  111. *.*"C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\
  112. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\OfflineCache\
  113. *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\bookmarkbackups\
  114. *.*"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\OfflineCache\
  115. *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\
  116. extensions.cache"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\
  117. cookies.sqlite"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\
  118. XPC.mfl"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\
  119. XUL.mfl"C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\████████.default\
  120. urlclassifier3.sqlite"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\
  121. secmod.db"C:\WINDOWS\inf\
  122. iis.inf"C:\WINDOWS\inf\
  123. iis.PNF"C:\Program Files\Internet Explorer\Connection Wizard\
  124. phone.icw"C:\Program Files\Internet Explorer\Connection Wizard\
  125. phone.ver"C:\Documents and Settings\Owner\Local Settings\Application Data\4Media\YouTube HD Video Converter\cache\
  126. http*.*"C:\Documents and Settings\Owner\Local Settings\Application Data\4Media\
  127. YouTube HD Video Converter*.*"C:\Program Files\Common Files\Microsoft Shared\web server extensions\
  128. *.*"
  129. C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\webappsstore.sqlite"C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\HelpCtr\
  130. *.*"C:\Documents and Settings\Owner\Application Data\Macromedia\
  131. *.*"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\
  132. *.*"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\
  133. *.*"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\
  134. *.*"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\████████.default\
  135. localstore.rdf"C:\WINDOWS\system32\Macromed\Flash\
  136. *.*"C:\WINDOWS\system32\Macromed\Flash\
  137. NPSWF32.dll"C:\Documents and Settings\Owner\Application Data\Adobe\
  138. *.*"C:\Documents and Settings\Owner\Application Data\Adobe\Flash Player\AssetCache\
  139. *.*"
  140.  
  141.  
  142. Here it is folks - the Windows XP spy machine.
  143.  
  144. This list exposes where all the cookies are
  145. stored, all the user history logs, web cache,
  146. useless system cache, including where evercookie
  147. is planted - EVERYTHING is here. Total exposé.
  148.  
  149. A lot of these files and cache paths will
  150. re-generate too, so you need something like
  151. CCleaner.exe to target and wipe this shit out
  152. at the very least once per day.
  153.  
  154. And btw, those new systems are far worse!
  155.  
  156.  
  157. - NOBODY
  158.  
  159.  
  160.  
  161. Tor Browser Cache
  162.  
  163.  
  164. \Tor Browser\FirefoxPortable\App\Firefox\
  165. removed-files"\Tor Browser\FirefoxPortable\App\Firefox\
  166. updater.exe"\Tor Browser\FirefoxPortable\App\Firefox\
  167. updater.ini"\Tor Browser\FirefoxPortable\App\Firefox\
  168. update-settings.ini"\Tor Browser\FirefoxPortable\App\Firefox\searchplugins\
  169. *.*"\Tor Browser\FirefoxPortable\Data\profile\
  170. cookies.sqlite"\Tor Browser\FirefoxPortable\Data\profile\
  171. cookies.sqlite-shm"\Tor Browser\FirefoxPortable\Data\profile\
  172. cookies.sqlite-wal"\Tor Browser\FirefoxPortable\Data\profile\
  173. formhistory.sqlite"\Tor Browser\FirefoxPortable\Data\profile\
  174. places.sqlite-shm"\Tor Browser\FirefoxPortable\Data\profile\
  175. places.sqlite"\Tor Browser\FirefoxPortable\Data\profile\
  176. places.sqlite-wal"\Tor Browser\FirefoxPortable\Data\profile\bookmarkbackups\
  177. *.*"\Tor Browser\FirefoxPortable\Data\profile\
  178. signons.sqlite"\Tor Browser\FirefoxPortable\Data\profile\startupCache\
  179. *.*"
  180.  
  181.  
  182. Tor stinks?
  183.  
  184. http://cryptome.org/2013/10/nsa-tor-stinks.pdf
  185.  
  186. “Use cookies to identify Tor users when
  187. they are not using Tor.”
  188.  
  189. “Investigate Evercookie persistence.”
  190.  
  191.  
  192. Evercookie can be found within Windows systems
  193. and can be wiped out here:
  194.  
  195. C:\Documents and Settings\Owner\Application Data\Macromedia
  196.  
  197.  
  198. Here is evercookie.sol found from an old
  199. bleach log.
  200.  
  201. C:\Documents and Settings\Owner\Application Data\
  202. Macromedia\Flash Player\#SharedObjects\ED5YHQQU\
  203. bbcdn-bbnaut.ibillboard.com\server-static-files\
  204. bbnaut.swf\evercookie.sol
  205.  
  206.  
  207. - NOBODY
  208.  
  209.  
  210. Pidgin OTR Hidden Logs in Linux System
  211.  
  212. Delete 4.1kB /home/User/.purple/logs/jabber/[email protected]/[email protected]/2015-01-02.110156-0700MST.html
  213. Delete 4.1kB /home/User/.purple/logs/jabber/[email protected]/[email protected]/2015-01-08.192023-0700MST.html
  214. Pidgin OTR-encrypted chat ... NOT so safe after all, it still logs your chats ...
  215.  
  216. EVEN when you tell it not to. Here is where to bleach the logs:
  217.  
  218. Delete 4.1kB /home/User/.purple/logs/jabber/[email protected]/[email protected]/2015-01-14.122132-0700MST.html
  219. Delete 4.1kB /home/User/.purple/logs/jabber/[email protected]/[email protected]/2015-01-16.198200-0700MST.html
  220. Delete 8.2kB /home/User/.purple/logs/jabber/[email protected]/[email protected]/2015-01-17.170908-0700MST.html
  221. Delete 4.1kB /home/User/.purple/logs/jabber/[email protected]/hot-chilli.net/2015-01-18.115805-0700MST.html
  222. Delete 4.1kB /home/User/.purple/logs/jabber/[email protected]/[email protected]
  223. Delete 4.1kB /home/User/.purple/logs/jabber/[email protected]/hot-chilli.net
  224.  
  225. /User/ * this name depends on your default user name.
  226.  
  227. - NOBODY
  228.  
  229.  
  230.  
  231. Tor Hidden Cache in Linux Systems
  232.  
  233. /Tor Browser/Browser/.local/share/
  234. /Tor Browser/Browser/.local/share/gvfs-metadata/
  235. /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/bookmarkbackups/
  236. /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/cookies.sqlite
  237. /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/formhistory.sqlite
  238. /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/places.sqlite
  239. /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/startupCache/
  240. /Tor Browser/Browser/TorBrowser/Data/Browser/profile.default/webappsstore.sqlite
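
An added example (not part of the original paste): a Python inventory of the Tor Browser profile artifacts listed above, which also flags `-wal`/`-shm` files left behind when only the main `.sqlite` file was deleted. The function names and the sample profile are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Artifact names taken from the Tor Browser lists on this page.
SQLITE_DBS = ["cookies.sqlite", "formhistory.sqlite", "places.sqlite",
              "signons.sqlite", "webappsstore.sqlite"]
SIDECARS = ["-wal", "-shm"]  # SQLite write-ahead log / shared-memory files
CACHE_DIRS = ["bookmarkbackups", "startupCache"]


def inventory(profile):
    """Return one row per listed artifact that exists under the profile."""
    rows = []
    for db in SQLITE_DBS:
        for name in [db] + [db + s for s in SIDECARS]:
            p = profile / name
            if p.is_file():
                rows.append({"path": name, "files": 1, "bytes": p.stat().st_size})
    for d in CACHE_DIRS:
        if (profile / d).is_dir():
            files = [f for f in (profile / d).rglob("*") if f.is_file()]
            rows.append({"path": d + "/", "files": len(files),
                         "bytes": sum(f.stat().st_size for f in files)})
    return rows


def orphaned_sidecars(profile):
    """Sidecars whose main database is gone, i.e. left behind by a partial wipe."""
    return [db + s for db in SQLITE_DBS for s in SIDECARS
            if (profile / (db + s)).is_file() and not (profile / db).is_file()]


def build_sample_profile(root):
    """Constructed sample data (not a real profile) so the example runs offline."""
    profile = root / "profile.default"
    (profile / "startupCache").mkdir(parents=True)
    (profile / "cookies.sqlite").write_bytes(b"x" * 100)
    (profile / "cookies.sqlite-wal").write_bytes(b"x" * 40)
    (profile / "places.sqlite-wal").write_bytes(b"x" * 30)  # main db deleted
    (profile / "startupCache" / "sample.bin").write_bytes(b"x" * 10)
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        prof = build_sample_profile(Path(tmp))
        for r in inventory(prof):
            print(f"{r['bytes']:>8} B  {r['files']:>3} file(s)  {r['path']}")
        print("orphaned sidecars:", orphaned_sidecars(prof))
```

Point `inventory()` at a real `profile.default` directory with the browser closed; any name returned by `orphaned_sidecars()` still holds database pages that survived the wipe.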
  241.  
  242. Read more at http://www.liveleak.com/view?i=3a2_1422235201#vjwgrTYipto6Vaxi.99