opexxx

pwstealer1

Mar 15th, 2017
  1.  
  2. delete C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\XQNeFQv.tmp fab903520f10e95c1f9d22e19680979e
  3. delete C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_47eed6b8-38a8-4d3b-9db3-44c44c24b1cd d898504a722bff1524134c6ab6a5eaa5
  4. delete C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5
  5. delete C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\45640C\C940AB.lck c4ca4238a0b923820dcc509a6f75849b
  6. delete C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5
  7. delete Unknown C:\gfidja\lgiwj.exe
  8. create C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\gfidja\aspr_keys.ini
  9. create C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\XQNeFQv.tmp fab903520f10e95c1f9d22e19680979e
  10. create C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5
  11. create C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5
  12. create C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\45640C\C940AB.lck c4ca4238a0b923820dcc509a6f75849b
  13. create C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5
  14. create C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\45640C\C940AB.exe 269d69a3e8c8d6cdb90f544fc04c1bd6 exe
  15. create C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5
  16. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) \Device\Harddisk0\DR0
  17. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\profiles.ini f48f4bcbcb832e99a8ffd3273ae602b6
  18. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\secmod.db 20dd08de675cf453305843ef4af6521e
  19. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\cert8.db a5ae49867124ac75f029a9a33af31bad
  20. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\key3.db 2a18ceff8578f65d40f7df934c582577
  21. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\nssckbi.dll
  22. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.sqlite c5dd9d0688e0321ef18963e0a29456fa
  23. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.sqlite-journal
  24. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.sqlite-wal
  25. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.sqlite c5dd9d0688e0321ef18963e0a29456fa
  26. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.sqlite-journal
  27. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.sqlite c5dd9d0688e0321ef18963e0a29456fa
  28. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.sqlite-wal
  29. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.sqlite c5dd9d0688e0321ef18963e0a29456fa
  30. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\logins.json
  31. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons.txt
  32. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons2.txt
  33. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bq1w4dgl.default\signons3.txt
  34. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\profiles.ini f48f4bcbcb832e99a8ffd3273ae602b6
  35. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Default\Login Data
  36. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Local\Comodo\Dragon\User Data\Default\Web Data
  37. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Login Data
  38. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera\Opera Next\data\User Data\Default\Web Data
  39. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera\Opera Next\data\Login Data
  40. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera\Opera Next\data\Default\Login Data
  41. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\User Data\Default\Login Data
  42. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\User Data\Default\Web Data
  43. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Login Data 905076ed0c0f642b6853f1adf654f9a6
  44. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera
  45. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\.purple\accounts.xml
  46. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\FTPShell\ftpshell.fsi
  47. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Notepad++\plugins\config\NppFTP\NppFTP.xml
  48. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\oZone3D\MyFTP\myftp.ini
  49. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\FTPBox\profiles.conf
  50. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\FTP Now\sites.xml
  51. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\NexusFile\userdata\ftpsite.ini
  52. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\NexusFile\ftpsite.ini
  53. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\.config\fullsync\profiles.xml
  54. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\FTPInfo\ServerList.xml
  55. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\FTPInfo\ServerList.cfg
  56. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\FileZilla\Filezilla.xml
  57. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\FileZilla\filezilla.xml
  58. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\FileZilla\recentservers.xml
  59. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\FileZilla\sitemanager.xml
  60. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\Staff-FTP\sites.ini
  61. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\Fastream NETFile\My FTP Links
  62. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\GoFTP\settings\Connections.txt
  63. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
  64. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\DeluxeFTP\sites.xml
  65. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Windows\wcx_ftp.ini
  66. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\wcx_ftp.ini
  67. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\wcx_ftp.ini
  68. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\GHISLER\wcx_ftp.ini
  69. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\FTPGetter\Profile\servers.xml
  70. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\FTPGetter\servers.xml
  71. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Local\INSoftware\NovaFTP\NovaFTP.db
  72. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\NetDrive\NDSites.ini
  73. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\NetDrive2\drives.dat
  74. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\ProgramData\NetDrive2\drives.dat
  75. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Windows\wcx_ftp.ini
  76. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\wcx_ftp.ini
  77. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\wcx_ftp.ini
  78. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\GHISLER\wcx_ftp.ini
  79. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\FreshWebmaster\FreshFTP\FtpSites.SMF
  80. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\BitKinex\bitkinex.ds
  81. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\FTP Now\sites.xml
  82. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\Odin Secure FTP Expert\QFDefault.QFQ
  83. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Program Files\Odin Secure FTP Expert\SiteInfo.QFP
  84. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Pocomail\accounts.ini
  85. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\Documents\Pocomail\accounts.ini
  86. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Windows\32BitFtp.TMP
  87. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Windows\32BitFtp.ini
  88. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\FTP Navigator\Ftplist.txt
  89. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Softwarenetz\Mailing\Daten\mailing.vdt
  90. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Opera Mail\Opera Mail\wand.dat
  91. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\Documents\yMail2\POP3.xml
  92. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\Documents\yMail2\SMTP.xml
  93. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\Documents\yMail2\Accounts.xml
  94. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\Documents\yMail\ymail.ini
  95. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\TrulyMail\Data\Settings\user.config
  96. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\To-Do DeskList\tasks.db
  97. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\stickies\rtf
  98. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\NoteFly\notes
  99. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Conceptworld\Notezilla\Notes8.db
  100. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Sticky Notes\StickyNotes.snt
  101. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\Documents\My RoboForm Data
  102. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Credentials
  103. read C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Local\Microsoft\Credentials
  104. hide C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\45640C\C940AB.exe 269d69a3e8c8d6cdb90f544fc04c1bd6 exe
  105. hide C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\45640C
  106. write C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\XQNeFQv.tmp fab903520f10e95c1f9d22e19680979e
  107. write C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_47eed6b8-38a8-4d3b-9db3-44c44c24b1cd d898504a722bff1524134c6ab6a5eaa5
  108. write C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5
  109. write C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5
  110. write C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\45640C\C940AB.lck c4ca4238a0b923820dcc509a6f75849b
  111. write C:\gfidja\lgiwj.exe (v. 7.15.0.0) C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3558273304-2305715256-1486658336-1000\0f5007522459c86e95ffcc62f32308f1_qszzabpjjijlkinripuhwzmgjcmvxyozmira d898504a722bff1524134c6ab6a5eaa5