Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ADVAPI32.DLL
- CryptGetUserKey
- KERNEL32.DLL
- LoadLibraryExW
- WS2_32.DLL
- WSARecv
- WSASend
- closesocket
- recv
- CHROME.DLL
- soft=%u&version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&crc=%x
- version=%u&soft=%u&user=%08x%08x%08x%08x&server=%u&id=%u&type=%u&name=%s
- Mozilla/4.0 (compatible; MSIE 8.0; Windows NT %u.%u%s)
- http://
- https://
- file://
- USER.ID
- %lu.exe
- /upd %lu
- Software\AppDataLow\Software\Microsoft\
- Main
- Block
- Temp
- Client
- Ini
- Keys
- Scr
- LastTask
- LastConfig
- CrHook
- OpHook
- Exec
- http://ietf.org/rfc/rfc3022.txt
- C:\Program Files\Internet Explorer\iexplore.exe
- Software\Microsoft\Windows\CurrentVersion\Run
- System\CurrentControlSet\Control\Session Manager\AppCertDlls
- text
- image
- json
- html
- javascript
- xml
- URL: %s
- user=%s
- pass=%s
- URL: %s
- REF: %s
- LANG: %s
- AGENT: %s
- COOKIE: %s
- POST:
- USERID: %s
- USER: %s
- DEVICE: %s
- CLASS: %s
- INTERFACE: %s
- ADD: %u
- @%s@
- grabs=
- HIDDEN
- %08x%08x%08x%08x
- @ID@
- @GROUP@
- @RANDSTR@
- @URL=*@
- @CONFIG=*@
- @VIDEO=*@
- @SOCKS=*@
- @VNC=*@
- %s.%s
- http
- .bat
- .bin
- Local\
- \\.\pipe\
- %APPDATA%\Microsoft\
- %APPDATA%
- form
- log
- keys
- POST
- Content-Disposition: form-data; name="upload_file"; filename="%s"
- POST
- --%s
- --%s--
- GET
- GET
- -01
- %u%u%u
- Content-Type: multipart/form-data; boundary=%s
- Content-Disposition: form-data; name="upload_file"; filename="%.4u.%lu"
- Content-Type: application/octet-stream
- {%08X-%04X-%04X-%04X-%08X%04X}
- %08X-%04X-%04X-%04X-%08X%04X
- S:(ML;;NW;;;LW)D:(A;;0x1fffff;;;WD)(A;;0x1fffff;;;S-1-15-2-1)
- \Run
- open
- %lu.bat
- attrib -r -s -h %%1
- :%u
- del %%1
- if exist %%1 goto %u
- del %%0
- \Vars
- \Files
- \Config
- /data.php?version=%u&user=%08x%08x%08x%08x&server=%u&id=%u&type=%u&name=%s
- /UPD
- /SD
- /sd %lu
- SOFTWARE\Microsoft\Windows NT\CurrentVersion
- \Software\Microsoft\Windows\CurrentVersion
- SystemRoot
- *\Macromedia\Flash Player\
- %APPDATA%\Mozilla\Firefox\Profiles
- EnableSPDY3_0
- cookies.sqlite
- NSPR4.DLL
- cookies.sqlite-journal
- NSS3.DLL
- ieui
- *.sol
- *.txt
- \cookie.ff
- OPERA.EXE
- \cookie.ie
- NTDLL.DLL
- \sols
- \\?\
- ieapfltr
- Content-MD5:
- *.*
- ISFB
- Accept-Encoding:
- Cookie:
- --use-spdy=off --disable-http2
- gif
- jpeg
- SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
- Content-Encoding:
- %02u-%02u-%02u %02u:%02u:%02u
- %02u-%02u-%02u %02u:%02u:%02u
- Clipboard
- Host:
- Windows Explorer
- Content-Type:
- DelegateExecute
- SOFTWARE\Classes\Chrome
- command
- *.*
- WININET.DLL
- WSOCK32.DLL
- WININET.dll
- VERSION.dll
- kernelbase
- ieframe
- urlmon
- mshtml
- inetcpl.cpl
- NTDSAPI.DLL
- User-Agent:
- Connection:
- Content-Length:
- Transfer-Encoding:
- Referer:
- Accept-Language:
- Content-Security-Policy:
- Content-Security-Policy-Report-Only:
- X-Frame-Options
- Access-Control-Allow-Origin:
- Cache-Control:
- Last-Modified:
- Etag:
- no-cache, no-store, must-revalidate
- ocsp
- chunked
- identity
- gzip, deflate
- gzip
- HTTP/1.1 404 Not Found
- %02u:%02u:%02u
- EMPTY
- Cmd %s processed: %u
- | "%s" | %u
- Cmd %u parsing: %u
- PR_Read
- PR_Write
- PR_Close
- cmd /C "%s> %s1"
- systeminfo.exe
- tasklist.exe /SVC >
- driverquery.exe >
- reg.exe query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s >
- cmd /U /C "type %s1 > %s & del %s1"
- net view >
- nslookup 127.0.0.1 >
- echo -------- >
- nslookup myip.opendns.com resolver1.opendns.com
- ss: *.*.*.*
- Unknown
- .pfx
- AddressBook
- AuthRoot
- CertificateAuthority
- Disallowed
- Root
- TrustedPeople
- TrustedPublisher
- InternetSetStatusCallback
- HttpAddRequestHeadersW
- HttpAddRequestHeadersA
- HttpQueryInfoW
- HttpQueryInfoA
- InternetConnectW
- InternetConnectA
- InternetQueryDataAvailable
- HttpSendRequestW
- HttpSendRequestA
- InternetReadFileExW
- InternetReadFileExA
- InternetWriteFile
- InternetReadFile
- HttpOpenRequestW
- RegQueryValueExW
- RegGetValueW
- PR_Poll
- PR_GetError
- PR_SetError
- ExitProcess
- LdrRegisterDllNotification
- LdrUnregisterDllNotification
- CreateProcessA
- CreateProcessW
- CreateProcessAsUserA
- CreateProcessAsUserW
- ZwGetContextThread
- ZwSetContextThread
- ZwWriteVirtualMemory
- ZwWow64QueryInformationProcess64
- ZwWow64ReadVirtualMemory64
- ZwProtectVirtualMemory
- LdrLoadDll
- LdrGetProcedureAddress
- RtlSetUnhandledExceptionFilter
- LoadLibraryA
- RtlExitUserThread
- CreateRemoteThread
- %02u-%02u-%02u %02u:%02u:%02u
- PluginRegisterCallbacks
- .rdata
- .text
- .data
- DLL load status: %u
- %s=%s&
- 0123456789ABCDEF
- Main
- Blocked
- user_pref("network.http.spdy.enabled", false);
- /images/
- .avi
- prefs.js
- %s=%s&
- HTTPMail
- SMTP
- POP3
- IMAP
- none
- WABOpen
- Software\Microsoft\Windows Mail
- Software\Microsoft\Windows Live Mail
- Store Root
- Salt
- account{*}.oeaccount
- Server
- User_Name
- Password2
- Port
- Secure_Connection
- NSS_Init
- NSS_Shutdown
- type=%S, name=%S, address=%S, server=%S, port=%u, ssl=%S, user=%S, password=%S
- PK11_Authenticate
- type=%S, name=%s, address=%s, server=%s, port=%u, ssl=%s, user=%s, password=%s
- PK11_FreeSlot
- MessageAccount
- hostname
- .gif
- Account_Name
- encryptedUsername
- SMTP_Email_Address
- encryptedPassword
- %S_%S
- %systemroot%\system32\c_1252.nls
- EmailAddressCollection/EmailAddress[%u]/Address
- Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
- DllRegisterServer
- Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
- Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\
- Email
- Account Name
- IMAP Server
- IMAP Port
- IMAP User
- IMAP Password
- IMAP Use SSL
- POP3 User
- POP3 Server
- POP3 Port
- POP3 Password
- POP3 Use SSL
- SMTP User
- SMTP Server
- SMTP Port
- SMTP Password
- SMTP Use SSL
- A8000A
- 1.0
- nss3.dll
- PK11_GetInternalKeySlot
- PK11SDR_Decrypt
- %PROGRAMFILES%\Mozilla Thunderbird
- %USERPROFILE%\AppData\Roaming\Thunderbird\Profiles\*.default
- \logins.json
- ://
- %systemroot%\syswow64\cmd.exe
- /C pause mail
- .jpeg
- .bmp
- %c%02X
- \\.\%s
- \*.dll
- rundll32 "%s",%S
- .exe
- .dll
- IsWow64Process
- Wow64EnableWow64FsRedirection
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement