Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 18
- 05
- 20
- 23
- GetProcAddress
- LoadLibraryA
- lstrcatA
- OpenEventA
- CreateEventA
- CloseHandle
- Sleep
- GetUserDefaultLangID
- VirtualAllocExNuma
- VirtualFree
- GetSystemInfo
- VirtualAlloc
- HeapAlloc
- GetCom uterNameA
- lstrcpyA
- GetProcessHeap
- GetCurrentProcess
- lstrlenA
- ExitProcess
- GlobalMemoryStatusEx
- GetSystemTime
- SystemTimeToFileTime
- advapi32.dll
- gdi32.dll
- user32.dll
- crypt32.dll
- ntdll.dll
- GetUserNameA
- CreateDCA
- GetDeviceCaps
- ReleaseDC
- CryptStringToBinaryA
- sscanf
- VMwareVMware
- HAL9TH
- JohnDoe
- DISPLAY
- %hu/%hu/%hu
- hxxp://31[.]41[.]244[.]65
- /a8afc9c02b60d440.php
- /2684155a4094330f/
- default
- GetEnvironmentVariableA
- GetFileAttributesA
- GlobalLock
- HeapFree
- GetFileSize
- GlobalSize
- CreateToolhelp32Snapshot
- IsWow64Process
- Process32Next
- GetLocalTime
- FreeLibrary
- GetTimeZoneInformation
- GetSystemPowerStatus
- GetVolumeInformationA
- GetWindowsDirectoryA
- Process32First
- GetLocaleInfoA
- GetUserDefaultLocaleName
- GetModuleFileNameA
- DeleteFileA
- FindNextFileA
- LocalFree
- FindClose
- SetEnvironmentVariableA
- LocalAlloc
- GetFileSizeEx
- ReadFile
- SetFilePointer
- WriteFile
- CreateFileA
- FindFirstFileA
- CopyFileA
- VirtualProtect
- GetLogicalProcessorInformationEx
- GetLastError
- lstrcpynA
- MultiByteToWideChar
- GlobalFree
- WideCharToMultiByte
- GlobalAlloc
- OpenProcess
- gdiplus.dll
- ole32.dll
- bcrypt.dll
- wininet.dll
- shlwapi.dll
- shell32.dll
- psapi.dll
- CreateCompatibleBitmap
- SelectObject
- BitBlt
- DeleteObject
- CreateCompatibleDC
- GdipGetImageEncodersSize
- GdipGetImageEncoders
- GdipCreateBitmapFromHBITMAP
- GdiplusStartup
- GdiplusShutdown
- GdipSaveImageToStream
- GdipDisposeImage
- GdipFree
- GetHGlobalFromStream
- CreateStreamOnHGlobal
- CoUninitialize
- CoInitialize
- CoCreateInstance
- BCryptGenerateSymmetricKey
- BCryptCloseAlgorithmProvider
- BCryptDecrypt
- BCryptSetProperty
- BCryptDestroyKey
- BCryptOpenAlgorithmProvider
- GetWindowRect
- GetDesktopWindow
- GetDC
- CloseWindow
- wsprintfA
- EnumDisplayDevicesA
- GetKeyboardLayoutList
- CharToOemW
- RegQueryValueExA
- RegEnumKeyExA
- RegOpenKeyExA
- RegCloseKey
- RegEnumValueA
- CryptBinaryToStringA
- CryptUnprotectData
- SHGetFolderPathA
- ShellExecuteExA
- InternetOpenUrlA
- InternetConnectA
- InternetCloseHandle
- InternetOpenA
- HttpSendRequestA
- HttpOpenRequestA
- InternetReadFile
- InternetCrackUrlA
- StrCmpCA
- StrStrA
- StrCmpCW
- PathMatchSpecA
- GetModuleFileNameExA
- sqlite3_open
- sqlite3_prepare_v
- sqlite3_step
- sqlite3_column_text
- sqlite3_finalize
- sqlite3_close
- sqlite3_column_bytes
- sqlite3_column_blob
- encrypted_key
- PATH
- C:\ProgramData\nss3.dll
- NSS_Init
- NSS_Shutdown
- PK11_GetInternalKeySlot
- PK11_FreeSlot
- PK11_Authenticate
- PK11SDR_Decrypt
- C:\ProgramData\
- SELECT origin_url, username_value, password_value FROM logins
- browser:
- profile:
- url:
- login:
- password:
- Opera
- OperaGX
- Network
- cookies
- .txt
- SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
- TRUE
- FALSE
- autofill
- SELECT name, value FROM autofill
- history
- SELECT url FROM urls LIMIT 1000
- cc
- SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
- name:
- month:
- year:
- card:
- Cookies
- Login Data
- Web Data
- History
- logins.json
- formSubmitURL
- usernameField
- encryptedUsername
- encryptedPassword
- guid
- SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
- SELECT fieldname, value FROM moz_formhistory
- SELECT url FROM moz_places LIMIT 1000
- cookies.sqlite
- formhistory.sqlite
- places.sqlite
- plugins
- Local Extension Settings
- Sync Extension Settings
- IndexedDB
- Opera Stable
- Opera GX Stable
- CURRENT
- chrome-extension_
- _0.indexeddb.leveldb
- Local State
- profiles.ini
- chrome
- opera
- firefox
- wallets
- %08lX%04lX%lu
- SOFTWARE\Microsoft\Windows NT\CurrentVersion
- ProductName
- x32
- x64
- %d/%d/%d %d:%d:%d
- HARDWARE\DESCRIPTION\System\CentralProcessor\0
- ProcessorNameString
- SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- DisplayName
- DisplayVersion
- Network Info:
- - IP: IP?
- - Country: ISO?
- System Summary:
- - HWID:
- - OS:
- - Architecture:
- - UserName:
- - Com uter Name:
- - Local Time:
- - UTC:
- - Language:
- - Keyboards:
- - Laptop:
- - Running Path:
- - CPU:
- - Threads:
- - Cores:
- - RAM:
- - Dis lay Resolution:
- - GPU:
- User Agents:
- Installed Apps:
- All Users:
- Current User:
- Process ist:
- system_info.txt
- freebl3.dll
- mozglue.dll
- msvcp140.dll
- nss3.dll
- softokn3.dll
- vcruntime140.dll
- \Temp\
- .exe
- runas
- open
- /c start
- %DESKTOP%
- %APPDATA%
- %LOCALAPPDATA%
- %USERPROFILE%
- %DOCUMENTS%
- %PROGRAMFILES%
- %PROGRAMFILES_86%
- %RECENT%
- *.lnk
- files
- \discord\
- \Local Storage\leveldb\CURRENT
- \Local Storage\leveldb
- \Telegram Desktop\
- key_datas
- D877F783D5D3EF8C*
- map*
- A7FDF864FBC10B77*
- A92DAA6EA6F891F2*
- F8806DD0C461824F*
- Telegram
- Tox
- *.tox
- *.ini
- Password
- Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
- Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
- Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
- Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
- Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
- oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
- 00000001
- 00000002
- 00000003
- 00000004
- \Outlook\accounts.txt
- Pidgin
- \.purple\
- accounts.xml
- dQw4w9WgXcQ
- token:
- Software\Valve\Steam
- SteamPath
- \config\
- ssfn*
- config.vdf
- DialogConfig.vdf
- DialogConfigOverlay*.vdf
- libraryfolders.vdf
- loginusers.vdf
- \Steam\
- sqlite3.dll
- browsers
- done
- soft
- \Discord\tokens.txt
- /c timeout /t 5 & del /f /q "
- " & del "C:\ProgramData\*.dll"" & exit
- C:\Windows\system32\cmd.exe
- https
- Content-Type: multipart/form-data; boundary=----
- POST
- HTTP/1.1
- Content-Disposition: form-data; name="
- hwid
- build
- token
- file_name
- file
- message
- ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
- screenshot.jpg
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement