[Default] New string identified : INSERT_KEY_HERE [Default] New string identified : 27 [Default] New string identified : 05 [Default] New string identified : 20 [Default] New string identified : 24 [Default] New string identified : GetProcAddress [Default] New string identified : LoadLibraryA [Default] New string identified : lstrcatA [Default] New string identified : OpenEventA [Default] New string identified : CreateEventA [Default] New string identified : CloseHandle [Default] New string identified : Sleep [Default] New string identified : GetUserDefaultLangID [Default] New string identified : VirtualAllocExNuma [Default] New string identified : VirtualFree [Default] New string identified : GetSystemInfo [Default] New string identified : VirtualAlloc [Default] New string identified : HeapAlloc [Default] New string identified : GetComputerNameA [Default] New string identified : lstrcpyA [Default] New string identified : GetProcessHeap [Default] New string identified : GetCurrentProcess [Default] New string identified : lstrlenA [Default] New string identified : ExitProcess [Default] New string identified : GlobalMemoryStatusEx [Default] New string identified : GetSystemTime [Default] New string identified : SystemTimeToFileTime [Default] New string identified : advapi32.dll [Default] New string identified : gdi32.dll [Default] New string identified : user32.dll [Default] New string identified : crypt32.dll [Default] New string identified : ntdll.dll [Default] New string identified : GetUserNameA [Default] New string identified : CreateDCA [Default] New string identified : GetDeviceCaps [Default] New string identified : ReleaseDC [Default] New string identified : CryptStringToBinaryA [Default] New string identified : sscanf [Default] New string identified : VMwareVMware [Default] New string identified : HAL9TH [Default] New string identified : JohnDoe [Default] New string identified : DISPLAY [Default] New string identified : hxxp://185[.]172.128.150 [Default] New string identified : /c698e1bc8a2f5e6d.php [Default] New string identified : /b7d0cfdb1d966bdd/ [Default] New string identified : default100 [Default] New string identified : GetEnvironmentVariableA [Default] New string identified : GetFileAttributesA [Default] New string identified : GlobalLock [Default] New string identified : HeapFree [Default] New string identified : GetFileSize [Default] New string identified : GlobalSize [Default] New string identified : CreateToolhelp32Snapshot [Default] New string identified : IsWow64Process [Default] New string identified : Process32Next [Default] New string identified : GetLocalTime [Default] New string identified : FreeLibrary [Default] New string identified : GetTimeZoneInformation [Default] New string identified : GetSystemPowerStatus [Default] New string identified : GetVolumeInformationA [Default] New string identified : GetWindowsDirectoryA [Default] New string identified : Process32First [Default] New string identified : GetLocaleInfoA [Default] New string identified : GetUserDefaultLocaleName [Default] New string identified : GetModuleFileNameA [Default] New string identified : DeleteFileA [Default] New string identified : FindNextFileA [Default] New string identified : LocalFree [Default] New string identified : FindClose [Default] New string identified : SetEnvironmentVariableA [Default] New string identified : LocalAlloc [Default] New string identified : GetFileSizeEx [Default] New string identified : ReadFile [Default] New string identified : SetFilePointer [Default] New string identified : WriteFile [Default] New string identified : CreateFileA [Default] New string identified : FindFirstFileA [Default] New string identified : CopyFileA [Default] New string identified : VirtualProtect [Default] New string identified : GetLogicalProcessorInformationEx [Default] New string identified : GetLastError [Default] New string identified : lstrcpynA [Default] New string identified : MultiByteToWideChar [Default] New string identified : GlobalFree [Default] New string identified : WideCharToMultiByte [Default] New string identified : GlobalAlloc [Default] New string identified : OpenProcess [Default] New string identified : TerminateProcess [Default] New string identified : GetCurrentProcessId [Default] New string identified : gdiplus.dll [Default] New string identified : ole32.dll [Default] New string identified : bcrypt.dll [Default] New string identified : wininet.dll [Default] New string identified : shlwapi.dll [Default] New string identified : shell32.dll [Default] New string identified : psapi.dll [Default] New string identified : rstrtmgr.dll [Default] New string identified : CreateCompatibleBitmap [Default] New string identified : SelectObject [Default] New string identified : BitBlt [Default] New string identified : DeleteObject [Default] New string identified : CreateCompatibleDC [Default] New string identified : GdipGetImageEncodersSize [Default] New string identified : GdipGetImageEncoders [Default] New string identified : GdipCreateBitmapFromHBITMAP [Default] New string identified : GdiplusStartup [Default] New string identified : GdiplusShutdown [Default] New string identified : GdipSaveImageToStream [Default] New string identified : GdipDisposeImage [Default] New string identified : GdipFree [Default] New string identified : GetHGlobalFromStream [Default] New string identified : CreateStreamOnHGlobal [Default] New string identified : CoUninitialize [Default] New string identified : CoInitialize [Default] New string identified : CoCreateInstance [Default] New string identified : BCryptGenerateSymmetricKey [Default] New string identified : BCryptCloseAlgorithmProvider [Default] New string identified : BCryptDecrypt [Default] New string identified : BCryptSetProperty [Default] New string identified : BCryptDestroyKey [Default] New string identified : BCryptOpenAlgorithmProvider [Default] New string identified : GetWindowRect [Default] New string identified : GetDesktopWindow [Default] New string identified : GetDC [Default] New string identified : CloseWindow [Default] New string identified : wsprintfA [Default] New string identified : EnumDisplayDevicesA [Default] New string identified : GetKeyboardLayoutList [Default] New string identified : CharToOemW [Default] New string identified : wsprintfW [Default] New string identified : RegQueryValueExA [Default] New string identified : RegEnumKeyExA [Default] New string identified : RegOpenKeyExA [Default] New string identified : RegCloseKey [Default] New string identified : RegEnumValueA [Default] New string identified : CryptBinaryToStringA [Default] New string identified : CryptUnprotectData [Default] New string identified : SHGetFolderPathA [Default] New string identified : ShellExecuteExA [Default] New string identified : InternetOpenUrlA [Default] New string identified : InternetConnectA [Default] New string identified : InternetCloseHandle [Default] New string identified : InternetOpenA [Default] New string identified : HttpSendRequestA [Default] New string identified : HttpOpenRequestA [Default] New string identified : InternetReadFile [Default] New string identified : InternetCrackUrlA [Default] New string identified : StrCmpCA [Default] New string identified : StrStrA [Default] New string identified : StrCmpCW [Default] New string identified : PathMatchSpecA [Default] New string identified : GetModuleFileNameExA [Default] New string identified : RmStartSession [Default] New string identified : RmRegisterResources [Default] New string identified : RmGetList [Default] New string identified : RmEndSession [Default] New string identified : sqlite3_open [Default] New string identified : sqlite3_prepare_v2 [Default] New string identified : sqlite3_step [Default] New string identified : sqlite3_column_text [Default] New string identified : sqlite3_finalize [Default] New string identified : sqlite3_close [Default] New string identified : sqlite3_column_bytes [Default] New string identified : sqlite3_column_blob [Default] New string identified : encrypted_key [Default] New string identified : PATH [Default] New string identified : C:\ProgramData\nss3.dll [Default] New string identified : NSS_Init [Default] New string identified : NSS_Shutdown [Default] New string identified : PK11_GetInternalKeySlot [Default] New string identified : PK11_FreeSlot [Default] New string identified : PK11_Authenticate [Default] New string identified : PK11SDR_Decrypt [Default] New string identified : C:\ProgramData\ [Default] New string identified : SELECT origin_url, username_value, password_value FROM logins [Default] New string identified : browser: [Default] New string identified : profile: [Default] New string identified : url: [Default] New string identified : login: [Default] New string identified : password: [Default] New string identified : Opera [Default] New string identified : OperaGX [Default] New string identified : Network [Default] New string identified : cookies [Default] New string identified : .txt [Default] New string identified : SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies [Default] New string identified : TRUE [Default] New string identified : FALSE [Default] New string identified : autofill [Default] New string identified : SELECT name, value FROM autofill [Default] New string identified : history [Default] New string identified : SELECT url FROM urls LIMIT 1000 [Default] New string identified : cc [Default] New string identified : SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards [Default] New string identified : name: [Default] New string identified : month: [Default] New string identified : year: [Default] New string identified : card: [Default] New string identified : Cookies [Default] New string identified : Login Data [Default] New string identified : Web Data [Default] New string identified : History [Default] New string identified : logins.json [Default] New string identified : formSubmitURL [Default] New string identified : usernameField [Default] New string identified : encryptedUsername [Default] New string identified : encryptedPassword [Default] New string identified : guid [Default] New string identified : SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies [Default] New string identified : SELECT fieldname, value FROM moz_formhistory [Default] New string identified : SELECT url FROM moz_places LIMIT 1000 [Default] New string identified : cookies.sqlite [Default] New string identified : formhistory.sqlite [Default] New string identified : places.sqlite [Default] New string identified : plugins [Default] New string identified : Local Extension Settings [Default] New string identified : Sync Extension Settings [Default] New string identified : IndexedDB [Default] New string identified : Opera Stable [Default] New string identified : Opera GX Stable [Default] New string identified : CURRENT [Default] New string identified : chrome-extension_ [Default] New string identified : _0.indexeddb.leveldb [Default] New string identified : Local State [Default] New string identified : profiles.ini [Default] New string identified : chrome [Default] New string identified : opera [Default] New string identified : firefox [Default] New string identified : wallets [Default] New string identified : %08lX%04lX%lu [Default] New string identified : SOFTWARE\Microsoft\Windows NT\CurrentVersion [Default] New string identified : ProductName [Default] New string identified : x32 [Default] New string identified : x64 [Default] New string identified : %d/%d/%d %d:%d:%d [Default] New string identified : HARDWARE\DESCRIPTION\System\CentralProcessor\0 [Default] New string identified : ProcessorNameString [Default] New string identified : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall [Default] New string identified : DisplayName [Default] New string identified : DisplayVersion [Default] New string identified : Network Info: [Default] New string identified : - IP: IP? [Default] New string identified : - Country: ISO? [Default] New string identified : System Summary: [Default] New string identified : - HWID: [Default] New string identified : - OS: [Default] New string identified : - Architecture: [Default] New string identified : - UserName: [Default] New string identified : - Computer Name: [Default] New string identified : - Local Time: [Default] New string identified : - UTC: [Default] New string identified : - Language: [Default] New string identified : - Keyboards: [Default] New string identified : - Laptop: [Default] New string identified : - Running Path: [Default] New string identified : - CPU: [Default] New string identified : - Threads: [Default] New string identified : - Cores: [Default] New string identified : - RAM: [Default] New string identified : - Display Resolution: [Default] New string identified : - GPU: [Default] New string identified : User Agents: [Default] New string identified : Installed Apps: [Default] New string identified : All Users: [Default] New string identified : Current User: [Default] New string identified : Process List: [Default] New string identified : system_info.txt [Default] New string identified : freebl3.dll [Default] New string identified : mozglue.dll [Default] New string identified : msvcp140.dll [Default] New string identified : nss3.dll [Default] New string identified : softokn3.dll [Default] New string identified : vcruntime140.dll [Default] New string identified : \Temp\ [Default] New string identified : .exe [Default] New string identified : runas [Default] New string identified : open [Default] New string identified : /c start [Default] New string identified : %DESKTOP% [Default] New string identified : %APPDATA% [Default] New string identified : %LOCALAPPDATA% [Default] New string identified : %USERPROFILE% [Default] New string identified : %DOCUMENTS% [Default] New string identified : %PROGRAMFILES% [Default] New string identified : %PROGRAMFILES_86% [Default] New string identified : %RECENT% [Default] New string identified : *.lnk [Default] New string identified : files [Default] New string identified : \discord\ [Default] New string identified : \Local Storage\leveldb\CURRENT [Default] New string identified : \Local Storage\leveldb [Default] New string identified : \Telegram Desktop\ [Default] New string identified : key_datas [Default] New string identified : D877F783D5D3EF8C* [Default] New string identified : map* [Default] New string identified : A7FDF864FBC10B77* [Default] New string identified : A92DAA6EA6F891F2* [Default] New string identified : F8806DD0C461824F* [Default] New string identified : Telegram [Default] New string identified : Tox [Default] New string identified : *.tox [Default] New string identified : *.ini [Default] New string identified : Password [Default] New string identified : Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ [Default] New string identified : Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ [Default] New string identified : Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ [Default] New string identified : Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ [Default] New string identified : Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\ [Default] New string identified : oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\ [Default] New string identified : 00000001 [Default] New string identified : 00000002 [Default] New string identified : 00000003 [Default] New string identified : 00000004 [Default] New string identified : \Outlook\accounts.txt [Default] New string identified : Pidgin [Default] New string identified : \.purple\ [Default] New string identified : accounts.xml [Default] New string identified : dQw4w9WgXcQ [Default] New string identified : token: [Default] New string identified : Software\Valve\Steam [Default] New string identified : SteamPath [Default] New string identified : \config\ [Default] New string identified : ssfn* [Default] New string identified : config.vdf [Default] New string identified : DialogConfig.vdf [Default] New string identified : DialogConfigOverlay*.vdf [Default] New string identified : libraryfolders.vdf [Default] New string identified : loginusers.vdf [Default] New string identified : \Steam\ [Default] New string identified : sqlite3.dll [Default] New string identified : browsers [Default] New string identified : done [Default] New string identified : soft [Default] New string identified : \Discord\tokens.txt [Default] New string identified : /c timeout /t 5 & del /f /q " [Default] New string identified : " & del "C:\ProgramData\*.dll"" & exit [Default] New string identified : C:\Windows\system32\cmd.exe [Default] New string identified : https [Default] New string identified : Content-Type: multipart/form-data; boundary=---- [Default] New string identified : POST [Default] New string identified : HTTP/1.1 [Default] New string identified : Content-Disposition: form-data; name=" [Default] New string identified : hwid [Default] New string identified : build [Default] New string identified : token [Default] New string identified : file_name [Default] New string identified : file [Default] New string identified : message [Default] New string identified : ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890