PepperPotts

Nukebot 3f77b24c569600e73f9c112b9e7be43f unpacked strings

Jan 1st, 2019
  1. LdrGetProcedureAddress
  2. RtlNtStatusToDosError
  3. RtlSetLastWin32Error
  4. NtQueryVirtualMemory
  5. NtAllocateVirtualMemory
  6. NtFreeVirtualMemory
  7. NtProtectVirtualMemory
  8. NtReadVirtualMemory
  9. NtWriteVirtualMemory
  10. NtGetContextThread
  11. NtSetContextThread
  12. true
  13. false
  14. null
  15. null
  16. true
  17. false
  18. \r\n\r\n
  19. HTTP/1.
  20. Transfer-Encoding
  21. chunked
  22. Content-Length
  23. Connection
  24. close
  25. Proxy-Connection
  26. close
  27. HTTP/1.
  28. Host
  29. Content-Length
  30. https://
  31. Referer
  32. Content-Type
  33. Authorization
  34. %x\r\n
  35. \r\n0\r\n\r\n
  36. Content-Length
  37. identity
  38. Accept-Encoding
  39. If-Modified-Since
  40. --->
  41. <!---
  42. --->
  43. <!---
  44. Software\\c2hpdHmjcmF6eUBleHBsb2l0Lmlt\\
  45. Software\\c2hpdHmjcmF6eUBleHBsb2l0Lmlt\\Dns\\
  46. Software\\c2hpdHmjcmF6eUBleHBsb2l0Lmlt\\Dns\\
  47. Resource: (%S), Service: (%S), User: (%S), Password: (%S)
  48. EMAIL
  49. Resource: (%s), Service: (%s), User: (%s), Password: (%s)
  50. PK11SDR_Decrypt
  51. SECITEM_ZfreeItem
  52. %s\\Thunderbird\\profiles.ini
  53. Path
  54. Profile0
  55. %s\\Thunderbird\\%s\\logins.json
  56. NSS_Init
  57. \"hostname\":\"
  58. \"encryptedUsername\":\"
  59. \"encryptedPassword\":\"
  60. NULL
  61. HTTPMail User Name
  62. HTTPMail Server
  63. HTTPMail Password2
  64. POP3 User Name
  65. POP3 Server
  66. POP3 Password2
  67. IMAP User Name
  68. IMAP Server
  69. IMAP Password2
  70. Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
  71. Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
  72. HTTP User
  73. HTTP Server URL
  74. HTTP Password
  75. POP3 User
  76. POP3 Server
  77. POP3 Password
  78. IMAP User
  79. IMAP Server
  80. IMAP Password
  81. pstorec.dll
  82. PStoreCreateInstance
  83. 220d5cd0
  84. 220d5cc1
  85. crypt32.dll
  86. CryptUnprotectData
  87. Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
  88. HTTP User
  89. Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
  90. HTTP Server URL
  91. HTTP Password
  92. POP3 User
  93. POP3 Server
  94. POP3 Password
  95. IMAP User
  96. IMAP Server
  97. IMAP Password
  98. crypt32.dll
  99. CryptUnprotectData
  100. Software\\Microsoft\\Internet Account Manager\\Accounts
  101. Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts
  102. Transfer-Encoding
  103. user_pref(\"network.http.spdy.enabled\", false);\r\nuser_pref(\"network.http.spdy.enabled.http2\", false);\r\n
  104. \r\n\r\n
  105. HTTP/1.
  106. chunked
  107. Content-Length
  108. Connection
  109. close
  110. Proxy-Connection
  111. close
  112. HTTP/1.
  113. Host
  114. Content-Length
  115. https://
  116. Referer
  117. Content-Type
  118. Authorization
  119. %x\r\n
  120. \r\n0\r\n\r\n
  121. Content-Length
  122. identity
  123. Accept-Encoding
  124. If-Modified-Since
  125. PR_GetNameForIdentity
  126. PR_SetError
  127. PR_GetError
  128. PR_OpenTCPSocket
  129. PR_Close
  130. application/x-www-form-urlencoded
  131. NONE
  132. script
  133. script
  134. nbsp;
  135. <!DOCTYPE
  136. InternetCloseHandle gle: 0x%X, %u
  137. InternetCloseHandle
  138. InternetQueryDataAvailable
  139. HttpOpenRequestW
  140. InternetConnectW
  141. HttpSendRequestW
  142. InternetReadFile
  143. InternetWriteFile
  144. LdrLoadDll
  145. LdrGetProcedureAddress
  146. RtlInitAnsiString
  147. RtlCreateUnicodeStringFromAsciiz
  148. RtlCreateUserThread
  149. LdrLoadDll
  150. LdrGetProcedureAddress
  151. RtlInitAnsiString
  152. RtlCreateUnicodeStringFromAsciiz
  153. RtlCreateUserThread
  154. IsWow64Process
  155. %[^:]:%d
  156. RtlCompressBuffer
  157. RtlGetCompressionWorkSpaceSize
  158. RtlDecompressBuffer
  159. GdipCreateBitmapFromHBITMAP
  160. GdipSaveImageToFile
  161. Software\\c2hpdHmjcmF6eUBleHBsb2l0Lmlt\\
  162. injects
  163. set_host
  164. set_path
  165. inject_setting
  166. data_keyword
  167. inject_before_keyword
  168. inject_after_keyword
  169. 8.8.8.8
  170. sourpuss.net
  171. ns1.opennameserver.org
  172. freya.stelas.de
  173. ns.dotbit.me
  174. ns1.moderntld.com
  175. ns1.rodgerbruce.com
  176. ns14.ns.ph2network.org
  177. newton.bambusoft.mx
  178. secondary.server.edv-froehlich.de
  179. philipostendorf.de
  180. a.dnspod.com
  181. b.dnspod.com
  182. c.dnspod.com
  183. _wv=%ls
  184. _wv=%ls
  185. bc00595440e801f8a5d2a2ad13b9791b
  186. auth
  187. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
  188. POST %s HTTP/1.0\r\nHost: %s\r\n%s\r\nCookie: %s=%s\r\nContent-type: application/x-www-form-urlencoded\r\nContent-length: %i\r\n\r\n%s\n
  189. bc00595440e801f8a5d2a2ad13b9791b
  190. auth
  191. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
  192. POST %s HTTP/1.0\r\nHost: %s\r\n%s\r\nCookie: %s=%s\r\nContent-type: application/x-www-form-urlencoded\r\nContent-length: %i\r\n\r\n%s\n
  193. \r\n-----------------------------%d\r\n
  194. \r\n-----------------------------%d\r\n
  195. -----------------------------%d\r\nContent-Disposition: form-data;name=\"fname\"\r\n\r\n%ls\r\n-----------------------------%d\r\nContent-Disposition: form-data; name=\"data\"; filename=\"%ls\"\r\nContent-Type: application/octet-stream\r\n\r\n
  196. -----------------------------%d\r\nContent-Disposition: form-data;name=\"fname\"\r\n\r\n%ls\r\n-----------------------------%d\r\nContent-Disposition: form-data; name=\"data\"; filename=\"%ls\"\r\nContent-Type: application/octet-stream\r\n\r\n
  197. bc00595440e801f8a5d2a2ad13b9791b
  198. auth
  199. POST %s HTTP/1.0\r\nHost: %s\r\nCookie: %s=%s;uid=%ls\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0\r\nContent-Type: multipart/form-data; boundary=---------------------------%d\r\nContent-Length: %d\r\nConnection: close\r\n\r\n
  200. bc00595440e801f8a5d2a2ad13b9791b
  201. auth
  202. POST %s HTTP/1.0\r\nHost: %s\r\nCookie: %s=%s;uid=%ls\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0\r\nContent-Type: multipart/form-data; boundary=---------------------------%d\r\nContent-Length: %d\r\nConnection: close\r\n\r\n
  203. GET %s HTTP/1.0\r\nHost: %s\r\nAccept: */* \r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36\r\nConnection: Close\r\n\r\n\r\n
  204. GET %s HTTP/1.0\r\nHost: %s\r\nAccept: */* \r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36\r\nConnection: Close\r\n\r\n\r\n
  205. --->
  206. <!---
  207. %02X
  208. https://
  209. Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)
  210. HTTP/1.1
  211. POST
  212. Connection: close\r\n
  213. urlmon.dll
  214. ObtainUserAgentString
  215. InitSecurityInterfaceA
  216. Microsoft Unified Security Protocol Provider
  217. gdiplus.dll
  218. CRYPT32.dll
  219. WININET.dll
  220. SHLWAPI.dll
  221. PSAPI.DLL
  222. WS2_32.dll
  223. DNSAPI.dll
  224. KERNEL32.dll
  225. USER32.dll
  226. GDI32.dll
  227. ADVAPI32.dll
  228. SHELL32.dll
  229. ole32.dll
  230. MSVCRT.dll
  231. PR_Read
  232. PR_Write