

Apr 25th, 2023
  1. 18
  2. 05
  3. 20
  4. 23
  5. GetProcAddress
  6. LoadLibraryA
  7. lstrcatA
  8. OpenEventA
  9. CreateEventA
  10. CloseHandle
  11. Sleep
  12. GetUserDefaultLangID
  13. VirtualAllocExNuma
  14. VirtualFree
  15. GetSystemInfo
  16. VirtualAlloc
  17. HeapAlloc
  18. GetComputerNameA
  19. lstrcpyA
  20. GetProcessHeap
  21. GetCurrentProcess
  22. lstrlenA
  23. ExitProcess
  24. GlobalMemoryStatusEx
  25. GetSystemTime
  26. SystemTimeToFileTime
  27. advapi32.dll
  28. gdi32.dll
  29. user32.dll
  30. crypt32.dll
  31. ntdll.dll
  32. GetUserNameA
  33. CreateDCA
  34. GetDeviceCaps
  35. ReleaseDC
  36. CryptStringToBinaryA
  37. sscanf
  38. VMwareVMware
  39. HAL9TH
  40. JohnDoe
  42. %hu/%hu/%hu
  43. hxxp://31[.]41[.]244[.]65
  44. /a8afc9c02b60d440.php
  45. /2684155a4094330f/
  46. default
  47. GetEnvironmentVariableA
  48. GetFileAttributesA
  49. GlobalLock
  50. HeapFree
  51. GetFileSize
  52. GlobalSize
  53. CreateToolhelp32Snapshot
  54. IsWow64Process
  55. Process32Next
  56. GetLocalTime
  57. FreeLibrary
  58. GetTimeZoneInformation
  59. GetSystemPowerStatus
  60. GetVolumeInformationA
  61. GetWindowsDirectoryA
  62. Process32First
  63. GetLocaleInfoA
  64. GetUserDefaultLocaleName
  65. GetModuleFileNameA
  66. DeleteFileA
  67. FindNextFileA
  68. LocalFree
  69. FindClose
  70. SetEnvironmentVariableA
  71. LocalAlloc
  72. GetFileSizeEx
  73. ReadFile
  74. SetFilePointer
  75. WriteFile
  76. CreateFileA
  77. FindFirstFileA
  78. CopyFileA
  79. VirtualProtect
  80. GetLogicalProcessorInformationEx
  81. GetLastError
  82. lstrcpynA
  83. MultiByteToWideChar
  84. GlobalFree
  85. WideCharToMultiByte
  86. GlobalAlloc
  87. OpenProcess
  88. gdiplus.dll
  89. ole32.dll
  90. bcrypt.dll
  91. wininet.dll
  92. shlwapi.dll
  93. shell32.dll
  94. psapi.dll
  95. CreateCompatibleBitmap
  96. SelectObject
  97. BitBlt
  98. DeleteObject
  99. CreateCompatibleDC
  100. GdipGetImageEncodersSize
  101. GdipGetImageEncoders
  102. GdipCreateBitmapFromHBITMAP
  103. GdiplusStartup
  104. GdiplusShutdown
  105. GdipSaveImageToStream
  106. GdipDisposeImage
  107. GdipFree
  108. GetHGlobalFromStream
  109. CreateStreamOnHGlobal
  110. CoUninitialize
  111. CoInitialize
  112. CoCreateInstance
  113. BCryptGenerateSymmetricKey
  114. BCryptCloseAlgorithmProvider
  115. BCryptDecrypt
  116. BCryptSetProperty
  117. BCryptDestroyKey
  118. BCryptOpenAlgorithmProvider
  119. GetWindowRect
  120. GetDesktopWindow
  121. GetDC
  122. CloseWindow
  123. wsprintfA
  124. EnumDisplayDevicesA
  125. GetKeyboardLayoutList
  126. CharToOemW
  127. RegQueryValueExA
  128. RegEnumKeyExA
  129. RegOpenKeyExA
  130. RegCloseKey
  131. RegEnumValueA
  132. CryptBinaryToStringA
  133. CryptUnprotectData
  134. SHGetFolderPathA
  135. ShellExecuteExA
  136. InternetOpenUrlA
  137. InternetConnectA
  138. InternetCloseHandle
  139. InternetOpenA
  140. HttpSendRequestA
  141. HttpOpenRequestA
  142. InternetReadFile
  143. InternetCrackUrlA
  144. StrCmpCA
  145. StrStrA
  146. StrCmpCW
  147. PathMatchSpecA
  148. GetModuleFileNameExA
  149. sqlite3_open
  150. sqlite3_prepare_v
  151. sqlite3_step
  152. sqlite3_column_text
  153. sqlite3_finalize
  154. sqlite3_close
  155. sqlite3_column_bytes
  156. sqlite3_column_blob
  157. encrypted_key
  158. PATH
  159. C:\ProgramData\nss3.dll
  160. NSS_Init
  161. NSS_Shutdown
  162. PK11_GetInternalKeySlot
  163. PK11_FreeSlot
  164. PK11_Authenticate
  165. PK11SDR_Decrypt
  166. C:\ProgramData\
  167. SELECT origin_url, username_value, password_value FROM logins
  168. browser:
  169. profile:
  170. url:
  171. login:
  172. password:
  173. Opera
  174. OperaGX
  175. Network
  176. cookies
  177. .txt
  178. SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
  179. TRUE
  180. FALSE
  181. autofill
  182. SELECT name, value FROM autofill
  183. history
  184. SELECT url FROM urls LIMIT 1000
  185. cc
  186. SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
  187. name:
  188. month:
  189. year:
  190. card:
  191. Cookies
  192. Login Data
  193. Web Data
  194. History
  195. logins.json
  196. formSubmitURL
  197. usernameField
  198. encryptedUsername
  199. encryptedPassword
  200. guid
  201. SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
  202. SELECT fieldname, value FROM moz_formhistory
  203. SELECT url FROM moz_places LIMIT 1000
  204. cookies.sqlite
  205. formhistory.sqlite
  206. places.sqlite
  207. plugins
  208. Local Extension Settings
  209. Sync Extension Settings
  210. IndexedDB
  211. Opera Stable
  212. Opera GX Stable
  213. CURRENT
  214. chrome-extension_
  215. _0.indexeddb.leveldb
  216. Local State
  217. profiles.ini
  218. chrome
  219. opera
  220. firefox
  221. wallets
  222. %08lX%04lX%lu
  223. SOFTWARE\Microsoft\Windows NT\CurrentVersion
  224. ProductName
  225. x32
  226. x64
  227. %d/%d/%d %d:%d:%d
  228. HARDWARE\DESCRIPTION\System\CentralProcessor\0
  229. ProcessorNameString
  230. SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  231. DisplayName
  232. DisplayVersion
  233. Network Info:
  234. - IP: IP?
  235. - Country: ISO?
  236. System Summary:
  237. - HWID:
  238. - OS:
  239. - Architecture:
  240. - UserName:
  241. - Computer Name:
  242. - Local Time:
  243. - UTC:
  244. - Language:
  245. - Keyboards:
  246. - Laptop:
  247. - Running Path:
  248. - CPU:
  249. - Threads:
  250. - Cores:
  251. - RAM:
  252. - Display Resolution:
  253. - GPU:
  254. User Agents:
  255. Installed Apps:
  256. All Users:
  257. Current User:
  258. Process List:
  259. system_info.txt
  260. freebl3.dll
  261. mozglue.dll
  262. msvcp140.dll
  263. nss3.dll
  264. softokn3.dll
  265. vcruntime140.dll
  266. \Temp\
  267. .exe
  268. runas
  269. open
  270. /c start
  271. %DESKTOP%
  272. %APPDATA%
  275. %DOCUMENTS%
  277. %PROGRAMFILES_86%
  278. %RECENT%
  279. *.lnk
  280. files
  281. \discord\
  282. \Local Storage\leveldb\CURRENT
  283. \Local Storage\leveldb
  284. \Telegram Desktop\
  285. key_datas
  286. D877F783D5D3EF8C*
  287. map*
  288. A7FDF864FBC10B77*
  289. A92DAA6EA6F891F2*
  290. F8806DD0C461824F*
  291. Telegram
  292. Tox
  293. *.tox
  294. *.ini
  295. Password
  296. Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
  297. Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
  298. Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
  299. Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
  300. Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
  301. Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
  302. 00000001
  303. 00000002
  304. 00000003
  305. 00000004
  306. \Outlook\accounts.txt
  307. Pidgin
  308. \.purple\
  309. accounts.xml
  310. dQw4w9WgXcQ
  311. token:
  312. Software\Valve\Steam
  313. SteamPath
  314. \config\
  315. ssfn*
  316. config.vdf
  317. DialogConfig.vdf
  318. DialogConfigOverlay*.vdf
  319. libraryfolders.vdf
  320. loginusers.vdf
  321. \Steam\
  322. sqlite3.dll
  323. browsers
  324. done
  325. soft
  326. \Discord\tokens.txt
  327. /c timeout /t 5 & del /f /q "
  328. " & del "C:\ProgramData\*.dll"" & exit
  329. C:\Windows\system32\cmd.exe
  330. https
  331. Content-Type: multipart/form-data; boundary=----
  332. POST
  333. HTTP/1.1
  334. Content-Disposition: form-data; name="
  335. hwid
  336. build
  337. token
  338. file_name
  339. file
  340. message
  342. screenshot.jpg
