
What is this Stealer

A repository of credential stealer formats for system information (e.g. information.txt, system_info.txt, etc.)

Your contributions are always welcome!

Ailurophile (info.txt)

IP: [redacted]
Country: [redacted]
Hostname: [redacted]
PC Type: Microsoft Windows [redacted]
Architecture: amd64
File Path: C:\Users\[redacted]\AppData\Local\Temp
Main Path: C:\Users\[redacted]\AppData\Local\Ailurophile
Allowed Extensions: [rdp txt doc docx pdf csv xls xlsx keys ldb log]
Folders to Search: [Documents Desktop Downloads]
Files: [bank info casino prv privé prive telegram personnel trading bitcoin sauvegarde funds recup note]
MAC Address: [redacted]
Screen Resolution: [redacted]
Browsers:
Chrome Default - version: [version string]
Edge Default - version: [version string]

ArechClientV2 (UserInformation.txt)

IP: 127.0.0.1
FileLocation: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
UserName: John
Country: GE
HWID: 12F6A3D3C12FE832CE805EB15C38A31A
Current Language: Russian (Russia)
ScreenSize: {Width = 1536,Height = 864}TimeZone: (UTC+04:00) Тбилиси
Operation System: Windows 10 Enterprise x64
Process Elevation: True

Available KeyboardLayouts: 
Russian (Russia)
English (United States)


Hardwares: 
Name: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz, 4 Cores
Name: Intel(R) HD Graphics 530, 1073741824 bytes
Name: NVIDIA GeForce GTX 960M, 4293918720 bytes
Name: Total of RAM, 16211.79 MB or 16999297024 bytes


Anti-Viruses: 
Windows Defender

Astris (Information.txt)

[General]
 Build: recaptcha-verify (1.0.0)
 HWID: 0A256AD07967582CD5A08537A6C57941
 Date: 10/18/2024 1:51:06 PM

[Machine]
 Computer Name: DESKTOP-ET51AJO
 User Name: Bruno
 System: Windows 10 Pro [x64]
 Resolution: 1400x1050
 Antiviruses: Windows Defender
 Product Key: W269N-WFGWX-YVC9B-4J6C9-T83GX

[Geolocation]
 Country: United States (US)
 Location: Council Bluffs, Iowa
 Zip Code: 

[Network]
 Public IP Address: 34.46.22.199
 Private IP Address: 172.16.1.3
 Internet Provider: Google LLC

[Miscellaneous]
 Timezone: (UTC-08:00) Pacific Time (US & Canada)
 Display Language: en-US
 Ran as Admin: True
 Keyboard Layouts:
  - English (United States)
  - Korean (Korea)
  - Russian (Russia)
  - Persian (Iran)
  - Chinese (Simplified, China)

[Hardware]
 CPU: Intel(R) Xeon(R) CPU @ 2.80GHz
 GPU: Microsoft Basic Display Adapter
 RAM: 4.1 GB

[Software]
 Python 3.10.11 Core Interpreter (32-bit) [3.10.11150.0]
 Python 3.10.11 Tcl/Tk Support (32-bit) [3.10.11150.0]
 Python 3.10.11 Standard Library (32-bit) [3.10.11150.0]
 Microsoft DCF MUI (English) 2016 [16.0.4266.1001]

[Processes]
 msiexec
 svchost
 updater
 conhost
 svchost

Atomic Mac (UserInformation.txt)

MetaMask Info:
Seeds: 
Private Keys: 
Debanks: 


Userinfo:
Country: US
IP: 47.160.126.208/284629518
City: Irving
ProductName:        macOS
ProductVersion:     14.6
BuildVersion:       23G5075b

Hardware:

    Hardware Overview:

      Model Name: MacBook Pro
      Model Identifier: Mac15,6
      Model Number: MRX33LL/A
      Chip: Apple M3 Pro
      Total Number of Cores: 11 (5 performance and 6 efficiency)
      Memory: 18 GB
      System Firmware Version: 10151.140.19
      OS Loader Version: 10151.140.19
      Serial Number (system): F5X2YRHCVQ
      Hardware UUID: 10F94688-D5E6-54BC-9437-BE147FF22A0E
      Provisioning UDID: 00006030-000819003628001C
      Activation Lock Status: Enabled


Graphics/Displays:

    Apple M3 Pro:

      Chipset Model: Apple M3 Pro
      Type: GPU
      Bus: Built-In
      Total Number of Cores: 14
      Vendor: Apple (0x106b)
      Metal Support: Metal 3
      Displays:
        Color LCD:
          Display Type: Built-in Liquid Retina XDR Display
          Resolution: 3024 x 1964 Retina
          Main Display: Yes
          Mirror: Off
          Online: Yes
          Automatically Adjust Brightness: Yes
          Connection Type: Internal

Banshee (system_information.txt)

HWID: C9D18A2E-EDA4-5A7A-AB7E-XDNCCLAU35VS
Log Date: 03 September 2024 00:17:30
Build Name: bzPg7NGR1bFjBDl3Sjz9c1C03C2I89
Country Code: US
User Name: John Smith (johnsmith)
Computer Name: John’s MacBook Air (2)
Operation System: macOS 12.6.6 (21G646)
Time Zone: UTC-07:00 America/Adak
CPU: Dual-Core Intel Core i5, 1.8 GHz
RAM: 8 GB
IP: 127.0.0.1

Blank Grabber (System Info.txt)

Host Name:                 DESKTOP-1PQPCEA
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          admin
Registered Organization:   
Product ID:                00330-80000-00000-AA016
Original Install Date:     5/19/2024, 6:34:35 AM
System Boot Time:          5/19/2024, 8:19:06 AM
System Manufacturer:       VMware, Inc.
System Model:              VMware20,1
System Type:               x64-based PC
Processor(s):              2 Processor(s) Installed.
                           [01]: AMD64 Family 23 Model 113 Stepping 0 AuthenticAMD ~3500 Mhz
                           [02]: AMD64 Family 23 Model 113 Stepping 0 AuthenticAMD ~3500 Mhz
BIOS Version:              VMware, Inc. VMW201.00V.21805430.B64.2305221830, 5/22/2023
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory:     8,191 MB
Available Physical Memory: 5,096 MB
Virtual Memory: Max Size:  10,111 MB
Virtual Memory: Available: 7,138 MB
Virtual Memory: In Use:    2,973 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\DESKTOP-1PQPCEA
Hotfix(s):                 5 Hotfix(s) Installed.
                           [01]: KB5031988
                           [02]: KB5015684
                           [03]: KB5033372
                           [04]: KB5014032
                           [05]: KB5032907
Network Card(s):           3 NIC(s) Installed.
                           [01]: Intel(R) 82574L Gigabit Network Connection
                                 Connection Name: Ethernet0
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.229.254
                                 IP address(es)
                                 [01]: 192.168.229.128
                                 [02]: fe80::8da6:ef32:1a8e:643d
                           [02]: Bluetooth Device (Personal Area Network)
                                 Connection Name: Bluetooth Network Connection
                                 Status:          Media disconnected
                           [03]: Wintun Userspace Tunnel
                                 Connection Name: Mullvad
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.5.0.18
                                 [02]: fe80::4dc0:5438:c35d:200e
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

CryptBot (_Information.txt)

OS:                      Windows 10 Pro [ 64-bit ] 
Local Date and Time:     2024-12-29 05:37:17 [ UTC: (UTC-08:00) Pacific Time (US & Canada) ] 
UserName (ComputerName): Bruno (DESKTOP-ET51AJO)
CPU:                     Intel(R) Core(TM)CPU @ 2.80GHz [ Сores: 4 ] 
RAM:                     16 Gb
GPU:                     Microsoft Basic Display Adapter
Display Resolution:      1400 x 1050

Software:
Microsoft OneDrive [ 19.043.0304.0013 ]
Python 3.10.11 (32-bit) [ 3.10.11150.0 ]
7-Zip 23.01 (x64) [ 23.01 ]
Mozilla Firefox (x64 en-US) [ 123.0.1 ]

DarkCrystal RAT (Information [US, North Charleston].txt)

PC Name: DESKTOP-5ABF2TC
User Name: John
Windows: Windows Server 2022 Datacenter 64 Bit
CPU Name: Unknown (Unknown)
CPU Cores: Unknown (Unknown)
GPU Name: Unknown (Unknown)
GPU Mode: Unknown
Motherboard: Unknown Unknown (Unknown)
BIOS: Unknown (Unknown)
Antivirus: Unknown
Firewall: Unknown
RAM: Unknown
LANIP: Unknown

.NET Framework Version: 4.8+
Path: C:\Program Files\WinRAR\System.exe

IP: 127.0.0.1
City: South Carolina / North Charleston
Country: US / United States
Location: 32.8608 / -79.9746

Monitors: 
Unknown

Save Time: 29.12.2024 23:51

ExelaStealer (system_info.txt)

----------------------https://t.me/ExelaStealer----------------------
======================================================================
System Info
Host Name: DESKTOP-AS11AQO
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19044 N/A Build 19044
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Bruno
Registered Organization:
Product ID: 69993-333-1113377-81456
Original Install Date: 2/14/2024, 4:38:00 PM
System Boot Time: 1/20/2025, 10:34:54 PM
System Manufacturer: QEMU
System Model: Standard PC (Q35 + ICH9, 2009)
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 85 Stepping 7 GenuineIntel
2800 Mhz
BIOS Version: SeaBIOS rel-1.16.3-4-g163fd9f0-dirty-20240307_191320-cape-base, 11/3/2018
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us
English (United States)
Input Locale: en-us
Time Zone: (UTC-08:00) Pacific Time (US
Canada)
Total Physical Memory: 4,195 MB
Available Physical Memory: 2,784 MB
Virtual Memory: Max Size: 5,667 MB
Virtual Memory: Available: 4,226 MB
Virtual Memory: In Use: 1,441 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\DESKTOP-ET51AJO
Hotfix(s): 4 Hotfix(s) Installed.
[01]: KB5004331
[02]: KB5003791
[03]: KB5006670
[04]: KB5005699
Network Card(s): 1 NIC(s) Installed.
[01]: Intel(R) 82574L Gigabit Network Connection
Connection Name: Ethernet
DHCP Enabled: Yes
DHCP Server: 172.16.1.1
IP address(es)
[01]: 172.16.1.9
[02]: fe80::a417:94a2:feb0:d959
Hyper-V Requirements: VM Monitor Mode Extensions: Yes
Virtualization Enabled In Firmware: Yes
Second Level Address Translation: Yes
Data Execution Prevention Available: Yes
System Version
Microsoft Windows [Version 10.0.19044.1288]
Host Name
DESKTOP-ET51AJO
Environment Variable

LucaStealer (user_info.txt)

- IP Info -

IP: 127.0.0.1
Country: Germany
City: Berlin
Postal: 10178
ISP: Cogent Communications - A174
Timezone: +01:00

- PC Info -

OS: Microsoft Windows 10 Pro
CPU: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz
GPU: 
    - Microsoft Basic Display Adapter (1280, 720)
HWID: Unknown
Current Language: English (United States)
FileLocation: C:\Users\admin\Desktop\Cryptor.exe
Is Elevated: false

- Other Info -

Antivirus: 
    - Windows Defender

- Log Info -

Passwords: ✅ 1

Cookies: ✅ 50

Wallets: ❌

Files: ❌

Credit Cards: ❌

Lumma (System.txt)

- LummaC2 Build: Oct 21 2024
- LID: 4SD0y4--MAGISTER
- Configuration: 
- Path: C:\Users\pc\AppData\Local\Temp\1F58.exe

- OS Version: Windows 11 Pro (10.0.22631) x64
- Local Date: 26.10.2024 19:00:18
- Time Zone: UTC+4
- Install Date: 23.02.2024 11:01:58
- Elevated: false
- Computer:DESKTOP-5ABF2TC
- User: pc
- Domain: 
- Hostname: DESKTOP-5ABF2TC
- NetBIOS: DESKTOP-5ABF2TC
- Language: ar-AE
- Anti Virus:
	- Windows Defender
- HWID: 2FC5E1B5B129FD4CDB71E32F12995CB3
- RAM Size: 16384MB
- CPU Vendor: GenuineIntel
- CPU Name: 11th Gen Intel(R) Core(TM) i5-11400F @ 2.60GHz
- CPU Threads: 12
- CPU Cores: 6
- GPU: NVIDIA GeForce RTX 3050
- Display resolution: 1920x1080

- IP Address: 127.0.0.1
- Time: 26.10.2024 18:00:17 (sig:1729954817.083b646b6e3d8a67dcccac7f0073444c)
- Country: AE

Lumma (System.txt)

LummaC2, Build: Dec 29 2023
LID (Lumma ID): 4SD0y4--MAGISTER

- PC: DESKTOP-5ABF2TC
- User: pc
- Domain:
- Hostname: DESKTOP-5ABF2TC
- NetBIOS: DESKTOP-5ABF2TC
- OS Version: Windows 11 Pro (10.0.22631) x64
- Language: ar-AE
- HWID: 2FC5E1B5B129FD4CDB71E32F12995CB3
- CPU Vendor: GenuineIntel
- CPU Name: 11th Gen Intel(R) Core(TM) i5-11400F @ 2.60GHz
- GPU: NVIDIA GeForce RTX 3050
- RAM Size: 16384MB
- Screen resolution: 1920x1080


- IP Address: 127.0.0.1
- Country: AE

Meduza (UserInfo.txt)

HWID: BF72890FDDFA11EEB512345E6F6E6963E11C7EE3
Log Date: 03-12-2024, 23:45:57
Build Name: Oxoxox
Country Code: US
User Name: John
Computer Name: DESKTOP-5ABF2TC
Operation System: Windows 10 Home
Time Zone: [UTC-7:00] US Mountain Standard Time
Screen Resolution: 1920x1080
CPU: AMD Ryzen 5 3500 6-Core Processor              , 6 cores
GPU: NVIDIA GeForce GTX 1650 SUPER
RAM: 7.91499 GB
IP: 127.0.0.1
Execute Path: C:\Users\acegr\AppData\Local\Temp\9cb5ce.exe

Noxty (identification.txt)

            User: 123716
            Operating System: Microsoft Windows 10 Pro   10.0.17134
            Process Executable Path: C:\Users\george\AppData\Local\Temp\2qkzd95dyyUVXJUyxyDQepb1uAe\SecurityHealthService.exe

            Uptime: 1 hours, 12 minutes, 35 seconds
            CPU: Intel   Celeron® G6900, Intel Celeron G6900   2.59 GHz
            RAM: 8 GB
            GPU: 2YYYT  (1024 MB)
            ScreenResolution: 1024x768
            Serial Number: 00330-80000-00000-AA154

            Disk Devices: C:   208.15 GB

            IP: 34.17.55.59
            Country: Italy
            City: Turin
            Region: Piedmont
            ISP: GOOGLE-CLOUD-PLATFORM
            Latitude: 45.0705
            Longitude: 7.6868
            Timezone: Europe/Rome

Phemedrone (Information.txt)

    ----- Geolocation Data -----

IP:                      127.0.0.1
Country:                 Russia (RU)
City:                    
Postal:                  56694
MAC:                     52:54:00:E8:91:2E

    ----- Hardware Info -----

Username:                Administrator\ZTLRFZYKCOID 
Windows name:            Windows Server 2016 Standard x64
Hardware ID:             fce12345dbb464f8e31fb2bb1234f2c8
Screen Resolution:       1920x1080
GPU:                     Microsoft Basic Display Adapter
CPU:                     QEMU Virtual CPU version 2.5+
RAM:                     4 GB

    ----- Report Contents -----

Passwords:               0
Cookies:                 57
Credit Cards:            0
AutoFills:               0
Extensions:              0
Wallets:                 0
Files:                   0




    ----- Miscellaneous -----

Antivirus products:      
File Location:           C:\Users\Administrator\Desktop\Ruvyjam.exe
Clipboard text:

PredatorTheThief v3 (Information.txt)

Predator The Thief : v3.0.0 Release
-----------------------------
Developed by Alexuiop1337
Buy Predator at t.me/sett9
Launch time: Mon Jan 13 04:21:34 2025
Passwords: 0
Cookies: 33
Forms: 4
Cards: 0
Wallets: -
Steam: -
Telegram: -
FileZilla: -
WinFtp: -
Discord: -
User name: Bruno
Machine name: DESKTOP-AV33AV3
OS version: Windows 10 Enterprise x64
Current clipboard:
--------------
Startup folder: C:\Users\Bruno\Desktop\0c9f1d66b2df544606f1d8702f7f9203e57622ffa50bea560ef09e89.exe
CPU info: Intel(R) Xeon(R) CPU @ 2.80GHz
Amount of kernels: 4 (Current CPU usage: -300.982300%)
GPU info: Microsoft Basic Display Adapter
Amount of RAM: 17 GB (Current RAM usage: 13258 MB)
Screen resolution: 1400x1050
Computer users:
All Users
Default
Default User
Public
Installed applications:
1) chrome_Unpacker_BeginUnzipping3972_1937685919
2) chrome_url_fetcher_3656_13444481
3) chrome_url_fetcher_3656_400969800
4) chrome_url_fetcher_3868_657230266
5) chrome_url_fetcher_3924_294671405
6) chrome_url_fetcher_3928_702586853
7) chrome_url_fetcher_3932_1691910331
8) chrome_url_fetcher_3972_1047990607
9) chrome_url_fetcher_3980_666298528
10) chrome_url_fetcher_3988_1139822304
11) chrome_url_fetcher_4016_181583384
12) chrome_url_fetcher_4016_1852935941
13) chrome_url_fetcher_4032_1421355394
14) chrome_url_fetcher_4056_1736669238
15) chrome_url_fetcher_808_48764292
16) Common Files
17) Google
18) Hnc
19) Internet Explorer
20) Microsoft
21) Microsoft Analysis Services
22) Microsoft Office
23) Microsoft SQL Server
24) Microsoft.NET
25) Mozilla Maintenance Service
26) MSBuild
27) Reference Assemblies
28) Windows Defender
29) Windows Mail
30) Windows Media Player
31) Windows Multimedia Platform
32) Windows NT
33) Windows Photo Viewer
34) Windows Portable Devices
35) Windows Sidebar
36) WindowsPowerShell
37) chrome_Unpacker_BeginUnzipping3972_1937685919
38) chrome_url_fetcher_3656_13444481
39) chrome_url_fetcher_3656_400969800
40) chrome_url_fetcher_3868_657230266
41) chrome_url_fetcher_3924_294671405
42) chrome_url_fetcher_3928_702586853
43) chrome_url_fetcher_3932_1691910331
44) chrome_url_fetcher_3972_1047990607
45) chrome_url_fetcher_3980_666298528
46) chrome_url_fetcher_3988_1139822304
47) chrome_url_fetcher_4016_181583384
48) chrome_url_fetcher_4016_1852935941
49) chrome_url_fetcher_4032_1421355394
50) chrome_url_fetcher_4056_1736669238
51) chrome_url_fetcher_808_48764292
52) Common Files
53) Google
54) Hnc
55) Internet Explorer
56) Microsoft
57) Microsoft Analysis Services
58) Microsoft Office
59) Microsoft SQL Server
60) Microsoft.NET
61) Mozilla Maintenance Service
62) MSBuild
63) Reference Assemblies
64) Windows Defender
65) Windows Mail
66) Windows Media Player
67) Windows Multimedia Platform
68) Windows NT
69) Windows Photo Viewer
70) Windows Portable Devices
71) Windows Sidebar
72) WindowsPowerShell
Compile time: Oct 13 2018
Grabbing time: 13.285341 second(s)

Raccoon (System Info.txt)

Build compile date: Sat Feb 27 21:25:06 2021
Launched at: 2021.03.03 - 09:59:08 GMT
Bot_ID: 2B535503-847D-4780-BFA1-18DFAF0D764D_Mario
Running on a laptop

-------------

  - Cookies: 1292
  - Passwords: 104
  - Files: 0

System Information:
  - System Language: Polish
  - System TimeZone: +1 hrs
  - IP: 80.238.108.168
  - Location: 52.273998, 21.083700 | Warsaw, Mazovia, Poland (03-890)
  - ComputerName: MARIO-KOMPUTER
  - Username: Mario
  - Windows version: NT 6.1
  - Product name: Windows 7 Home Premium
  - System arch: x32
  - CPU: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz (4 cores)
  - RAM: 3055 MB (1554 MB used)
  - Screen resolution: 1366x768
  - Display devices:
    0) Intel(R) HD Graphics 5500

-------------

Installed Apps: 
    7-Zip 19.00 (19.00)
    Adobe Acrobat Reader DC - Polish (19.010.20098)
    Adobe Refresh Manager (1.8.0)
    Adobe SVG Viewer 3.0 ( 3.0)
    Advanced SystemCare (14.1.0)
    WinRAR 6.00 (32-bit) (6.00.0)

-------------

Raccoon (System Info.txt)

User ID: 9d592aaf-038b-4374-81e3-1b4b3f879370|Grzesiek
Last seen: Thu Oct 10 2024 17:21:27 GMT+0200 (Central European Summer Time)
Build: 66a7f4...98fb46
IP info: PL 31.60.52.174
System Information: 
    - Locale: Polish
    - Time zone: +60 minutes from GMT
    - OS: Windows 10 Home
    - Architecture: x64
    - CPU:         Intel(R) Core(TM) i5-3550 CPU @ 3.30GH (4 cores)
    - RAM: 8159 MB
    - Display size: 1680x1050
    - Display Devices:
        0) Radeon RX 570 Series
Installed applications:
    AMD Software 22.4.2
    WinRAR 6.24 (64-bitowy) 6.24.0
    AMD DVR64 1.0.2
    ScpToolkit 1.7.277.16103
    Branding64 1.00.0009
    Malwarebytes version 5.1.2.109 
    UE4 Prerequisites (x64) 1.0.11.0
    Revo Uninstaller Pro 5.2.6 
    AMD Settings 2022.0420.0248.5055
    AMD WVR64 1.0.2
    EVERSPACE™ 2 1.2.40068 Incursions Hotfix #2
    DOOM Eternal 
    Google Chrome 129.0.6668.90
    HD Tune Pro 5.75 
    Internet Download Manager 6.42.3
    K-Lite Codec Pack 18.2.0 Full 
    Microsoft Edge 92.0.902.67
    Microsoft Edge Update 1.3.195.25
    Splash 2.7.0
    OpenAL 
    PLAY INTERNET 23.015.11.00.264
    Steam 2.10.91.91
    UE4 Prerequisites (x64) 1.0.13.0
    Need For Speed Payback Deluxe Edition MULTi10 - ElAmigos wersja 1.0.51.15364 
    CheckDrive 2025 6.02

RedLine/META (UserInformation.txt)

Build ID: TG
IP: 127.0.0.1
FileLocation: C:\Users\Soliman\AppData\Roaming\LqKC6wx1X7.exe
UserName: John
MachineName: DESKTOP-I5DF3AA
Country: AE
Zip Code: UNKNOWN
Location: Dubai, Dubayy
HWID: 122C51E4AF1735E9123E2A94C1AC26A0D
Current Language: English (United States)
ScreenSize: {Width=1536, Height=864}
TimeZone: (UTC+04:00) Abu Dhabi, Muscat
Operation System: Windows 10 Pro x64
Log date: 7/4/2024 5:43:07 PM

Available KeyboardLayouts: 
English (United Kingdom)
English (United States)
Arabic (Egypt)


Hardwares: 
Name: Total of RAM, 8087.34 Mb or 8480190464 bytes
Name: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2 Cores
Name: Intel(R) HD Graphics 520, 1073741824 bytes


Anti-Viruses: 
Windows Defender

Rhadamanthys (system.txt)

Install Date: 09 Dec 23 00:33 UTC
Traffic Name: 001FT-35
HWID: [redacted]
IP: 127.0.0.1
Country: CA
Time Zone: UTC-5
System Language: Japanese
User Language: English
Keyboard Language: English
Processor: Intel(R) Core(TM) i9-10850K CPU @ 3.60GHz
Installed RAM: 32658 MB
OS: Windows 10 build 19045 (64 Bit)
Video card: NVIDIA GeForce RTX 3080
Display Resolution: 2560x1440
Computer Name: [redacted]
User Name: [redacted]
Domain Name: DOMAIN
MachineID: [redacted]
WallPaper Hash: [40 char string]

RisePro (information.txt)

Build: default
Version: 2.0
Date: Sat Jul 06 3:43:57 2024
MachineID: [redacted]
GUID: {553e7197-[redacted]}
HWID: [redacted]
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Work Dir: C:\Users\hp\AppData\Local\Temp\trixyqMFkDNPSFQYy
IP: 127.0.0.1
Location: EG, Cairo
ZIP (Autofills): -
Windows: Windows 10 Pro [x64]
Computer Name: DESKTOP-DW129SN [WORKGROUP]
User Name: hp
Display Resolution: 1920x1200
Display Language: en-US
Keyboard Languages: English (United States) / Arabic (Egypt)
Local Time: 6/7/2024 3:43:57
TimeZone: UTC2
[Hardware]
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
CPU Count: 8
RAM: 16090 MB
VideoCard #0: Intel(R) HD Graphics 4600
[Processes]
System [4]
Registry [124]
smss.exe [548]
csrss.exe [660]
wininit.exe [752]
csrss.exe [772]
winlogon.exe [824]
services.exe [892]

RL Stealer (Information.txt)

 ==================================================
 Operating system : Windows Server 2022 Datacenter (64 Bit)
 PC user : EC2AMAZ-75HN4R3/Administrator
 ClipBoard : text
 Launch : C:\Users\Administrator\Pictures\rdp_stealer.exe
 ==================================================
 Screen resolution : 600x1256
 Current time : 5/22/2023 5:28:14 PM
 HWID : 178BFBFF000406F1
 ==================================================
 CPU : Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz
 RAM : 16382MB
 GPU : Microsoft Basic Display Adapter
 ==================================================
 IP Geolocation : 127.0.0.1 [India]
 Log Date : 05/22/2023 5:28
 BSSID : 0a:02:14:dc:54:1e
 ==================================================

StealC (system_info.txt)

Network Info:
 - IP: 122.161.XXX.XX
 - Country: IN

System Summary:
 - HWID: G5NGOT9X695ZPKPW0RQSPS
 - OS: Windows 10 Pro
 - Architecture: x64
 - UserName: John
 - Computer Name: DESKTOP-5ABF2TC
 - Local Time: 2024/6/22 15:49:7
 - UTC: 5
 - Language: en-IN
 - Keyboards: English (United States)
 - Laptop: TRUE
 - Running Path: C:\Windows\SysWOW64\explorer.exe
 - CPU: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
 - Cores: 2
 - Threads: 4
 - RAM: 3971 MB
 - Display Resolution: 1600x900
 - GPU:
          -Intel(R) HD Graphics 5500

Stealerium (Info.txt)

[IP]
External IP: 119.98.203.64
Internal IP: 10.0.2.15
Gateway IP: 10.0.2.2

[Machine]
Username: John
Compname: DESKTOP-5ABF2TC
System: Microsoft Windows 10 Pro (64 Bit)
CPU: Intel(R) Xeon(R) CPU @ 3.20GHz
GPU: Microsoft Basic Display Adapter
RAM: 4092MB
DATE: 2024-12-25 7:27:19 AM
SCREEN: 1920x1080
BATTERY: NoSystemBattery (100%)
WEBCAMS COUNT: 0

[Virtualization]
VirtualMachine: False
SandBoxie: False
Emulator: False
Processes: False
Hosting: False
Antivirus: Windows Defender

Skalka (UserInformation.txt)

Operation System: win10-amd64
Current JarFile Path: C:/Users/WDAGUtilityAccount/AppData/Local/Temp/svchost.jar
UserName: WDAGUtilityAccount
IP: 95.135.28.223
TimeZone: 2024-09-29T02:31:56.696+03:00 [Europe/Moscow]
Width: 1076.0, Height: 533.0
Language & Country: ru_RU

Vidar (information.txt)

Ip: [redacted]
Country: [redacted]
Version: 12

Date: [redacted]
MachineID: [redacted]
GUID: [redacted]
HWID: [redacted]

Path: [redacted]
Work Dir: In memory

Windows: Windows 10 Pro
Install Date: Disabled
AV: Disabled
Computer Name: [redacted]
User Name: [redacted]
Display Resolution: 1920x1080
Keyboard Languages: English (United States) / Spanish (Panama)
Local Time: [redacted]
TimeZone: -5

[Hardware]
Processor: AMD Phenom(tm) II X6 1090T Processor
Cores: 6
Threads: 6
RAM: 8190 MB
VideoCard: NVIDIA GeForce 9600 GSO

[Processes]
System
Registry
smss.exe
csrss.exe
wininit.exe
services.exe
lsass.exe
svchost.exe
fontdrvhost.exe
svchost.exe

[Software]
Printer Registration - 1.9.1
Canon IJ Printer Assistant Tool - 1.60.1.15
Canon Inkjet Printer/Scanner/Fax Extended Survey Program - 6.5.2
Canon IJ Scan Utility - 1.6.1.2
Microsoft Office Enterprise 2007 - 12.0.6612.1000
Google Chrome - 131.0.6778.109
NETGEAR WNDA4100 - 1.2.0.2

XFiles (Information.txt)

Operation ID: 3a0e18ea-e2d2-d347-981f-8d27f710ba3e3a167754-3fe3-716f-ebda-f87f6aac5410

IP: 40.40.186.60
Country: US (United States)
Operating System: Windows 10
Username: Stanton
Computer Name: DESKTOP-T43JEK2
Hardware ID: 5E30421F690DE01B6E6014007152B83109C02F65
CPU (Processor): Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
GPU (Display Devices): Intel(R) HD Graphics 4600
RAM (Memory): 
Screens: 1920x1080
Desktop Screenshot Taken: Yes

Windows Processes [
   System
   Registry
   RuntimeBroker.exe
   ArchiveUninstall_up_dbg.exe
   CalculatorApp.exe
   RuntimeBroker.exe
   svchost.exe
   elevation_service.exe
   svchost.exe
]

TO BE IDENTIFIED

SHA256: 2eb234f7c3bf7247675428b539e9b9dfa20b4c0f11d528e1526f57e9a328cd0f

Username: Thomas
Computer name: DESKTOP-AS11AV3
OS: Windows 10.0.19044 (Workstation)
Language: ["en-US"]
Hostname: desktop-as11av3
IP: 81.52.44.111
Country: United States
City: North Charleston
Timezone:America/New_York
Cordinates:11.8771 - -31.013"Intel(R) Xeon(R) CPU @ 2.80GHz"
Microsoft Basic Display Adapter : 0 bytes : 1400 x 1050 x 4294967296 colors

SHA256: 2aeb4ffb5ea6fa0f4f04a0f92184012ff67590ad391e88675c009479b476667f

Environment INFO
-----------------------------
DESKTOP-AV33AV4
Microsoft Windows NT 6.2.9200.0
IP INFO
"ip": "11.22.111.32",
"hostname": "32.111.22.11.bc.googleusercontent.com",
"city": "The Dalles",
"region": "Oregon",
"country": "US",
"loc": "11.5946,-187.1787",
"org": "AS396982 Google LLC",
"postal": "97058",
"timezone": "America/Los_Angeles",
"readme": "https://ipinfo.io/missingauth"
GPU INFO
Microsoft Basic Display Adapter,
Running Tasks
unsecapp
svchost
RuntimeBroker
sysmon
conhost
WmiPrvSE
SppExtComObj
explorer
wininit
ChsIME
updater
sihost
sppsvc
vt-windows-event-stream
Registry
services
StartMenuExperienceHost
131.0.6778.265_131.0.6778.140_chrome_updater
fontdrvhost
forfuntest
ctfmon
winlogon
MoUsoCoreWorker
taskhostw
dllhost
pythonw
System
TrustedInstaller
TiWorker
IPCONFIG
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-AV33AV4
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hostonly
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : hostonly
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 24-47-F2-1D-D1-C1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3853:12f5:ed03:1353%10(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 19, 2024 11:07:43 AM
Lease Expires . . . . . . . . . . : Thursday, January 16, 2025 2:18:45 AM
Default Gateway . . . . . . . . . : 172.16.1.1
DHCP Server . . . . . . . . . . . : 172.16.1.1
DHCPv6 IAID . . . . . . . . . . . : 106068123
DHCPv6 Client DUID. . . . . . . . : 00-03-00-01-3E-E6-16-EF-24-97-A6-3D-D5-C5
DNS Servers . . . . . . . . . . . : 172.16.1.1
Primary WINS Server . . . . . . . : 172.16.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
