
@idiom
Created July 8, 2023 03:30
Enum for XLoader Decrypted Strings
/*
 * XLoaderStrings - symbolic names for XLoader's decrypted strings, keyed by
 * numeric index (0x00 .. 0x8a).
 *
 * Intended as an analysis aid: applying the enum to the index operand of the
 * sample's string-lookup calls turns bare constants into readable labels.
 *
 * NOTE(review): each identifier looks like a C-safe rendering of the decrypted
 * text (separators and punctuation replaced by '_'). The exact bytes are not
 * recorded here, so confirm the real string against the sample before writing
 * a signature or hunting query from a label. The indices presumably belong to
 * the specific build that was analysed - verify before reusing on another one.
 */
enum XLoaderStrings
{
    /* 0x00-0x07: labels matching Windows environment-variable names. */
    USERNAME                                    = 0x00,
    LOCALAPPDATA                                = 0x01,
    USERPROFILE                                 = 0x02,
    APPDATA                                     = 0x03,
    TEMP                                        = 0x04,
    ProgramFiles                                = 0x05,
    CommonProgramFiles                          = 0x06,
    ALLUSERSPROFILE                             = 0x07,

    /* 0x08-0x0c: presumably command-line and key-path fragments that start
     * with a slash or backslash - confirm against the decrypted text. */
    slash_c_copy                                = 0x08,
    slash_c_del                                 = 0x09,
    slash_Run                                   = 0x0a,
    slash_Policies                              = 0x0b,
    slash_Explorer                              = 0x0c,

    /* 0x0d-0x11: registry-related labels, including Outlook profile paths. */
    Registry_User                               = 0x0d,
    Registry_Machine                            = 0x0e,
    SOFTWARE_Microsoft_Windows_CurrentVersion   = 0x0f,
    Office_15_0_Outlook_Profiles_Outlook_       = 0x10,
    NT_CurrentVersion_Windows_Messaging_Subsystem_Profiles_Outlook_ = 0x11,

    /* 0x12-0x24: labels naming browser, mail-client and vault credential
     * stores plus the queries and field names used to read them. References
     * to these stores from a non-browser process are worth alerting on. */
    SOFTWARE_Mozilla_Mozilla                    = 0x12,
    Mozilla                                     = 0x13,
    Username                                    = 0x14,
    Password                                    = 0x15,
    formSubmitURL                               = 0x16,
    usernameField                               = 0x17,
    encryptedUsername                           = 0x18,
    encryptedPassword                           = 0x19,
    logins_json                                 = 0x1a,
    signons_sqlite                              = 0x1b,
    Mail_                                       = 0x1c,
    Foxmail                                     = 0x1d,
    Storage_                                    = 0x1e,
    Accounts_Account_rec0                       = 0x1f,
    Data_AccCfg_Accounts_tdat                   = 0x20,
    Microsoft_Vault_                            = 0x21,
    SELECT_encryptedUsername_encryptedPassword_formSubmitURL_FROM_moz_logins = 0x22,
    Google_Chrome_User__Data_Default_Login_Data = 0x23,
    SELECT_origin_url_username_value_password_value_FROM_logins = 0x24,

    /* 0x25-0x2a: labels matching executable and script file extensions. */
    exe                                         = 0x25,
    com                                         = 0x26,
    scr                                         = 0x27,
    pif                                         = 0x28,
    cmd                                         = 0x29,
    bat                                         = 0x2a,

    /* 0x2b-0x36: short name fragments.
     * NOTE(review): presumably combined to build benign-looking file names
     * for the installed copy - confirm in the sample. */
    ms                                          = 0x2b,
    win                                         = 0x2c,
    gdi                                         = 0x2d,
    mfc                                         = 0x2e,
    vga                                         = 0x2f,
    igfx                                        = 0x30,
    user                                        = 0x31,
    help                                        = 0x32,
    config                                      = 0x33,
    update                                      = 0x34,
    regsvc                                      = 0x35,
    chkdsk                                      = 0x36,

    /* 0x37-0x3b: miscellaneous labels (cookie store, privilege names,
     * object-namespace name, a .php resource name). */
    Cookies                                     = 0x37,
    SeDebugPrivilege                            = 0x38,
    SeShutdownPrivilege                         = 0x39,
    BaseNamedObjects                            = 0x3a,
    config_php                                  = 0x3b,

    /* 0x3c-0x48: labels for the pieces of an HTTP POST request (method,
     * version and header lines). The header set and its fixed User-Agent can
     * inform network detection once the literal values are confirmed. */
    POST                                        = 0x3c,
    HTTP_1_1                                    = 0x3d,
    Host                                        = 0x3e,
    Connection_close                            = 0x3f,
    Content_Length                              = 0x40,
    Cache_Control_no_cache                      = 0x41,
    Origin_http                                 = 0x42,
    User_Agent_Mozilla_Firefox_4_0              = 0x43,
    Content_Type_application_x_www_form_urlencoded = 0x44,
    Accept_star                                 = 0x45,
    Referer_http                                = 0x46,
    Accept_Language_en_US                       = 0x47,
    Accept_Encoding_gzip_deflate_dat            = 0x48,

    /* 0x49-0x8a: sixty-four domain slots bracketed by f_start / f_end.
     * NOTE(review): f_start and f_end look like list delimiters, and the
     * slots presumably hold the configured contact domains. The enum does not
     * record the domain values themselves; extract them per sample. */
    f_start                                     = 0x49,
    domain_1                                    = 0x4a,
    domain_2                                    = 0x4b,
    domain_3                                    = 0x4c,
    domain_4                                    = 0x4d,
    domain_5                                    = 0x4e,
    domain_6                                    = 0x4f,
    domain_7                                    = 0x50,
    domain_8                                    = 0x51,
    domain_9                                    = 0x52,
    domain_10                                   = 0x53,
    domain_11                                   = 0x54,
    domain_12                                   = 0x55,
    domain_13                                   = 0x56,
    domain_14                                   = 0x57,
    domain_15                                   = 0x58,
    domain_16                                   = 0x59,
    domain_17                                   = 0x5a,
    domain_18                                   = 0x5b,
    domain_19                                   = 0x5c,
    domain_20                                   = 0x5d,
    domain_21                                   = 0x5e,
    domain_22                                   = 0x5f,
    domain_23                                   = 0x60,
    domain_24                                   = 0x61,
    domain_25                                   = 0x62,
    domain_26                                   = 0x63,
    domain_27                                   = 0x64,
    domain_28                                   = 0x65,
    domain_29                                   = 0x66,
    domain_30                                   = 0x67,
    domain_31                                   = 0x68,
    domain_32                                   = 0x69,
    domain_33                                   = 0x6a,
    domain_34                                   = 0x6b,
    domain_35                                   = 0x6c,
    domain_36                                   = 0x6d,
    domain_37                                   = 0x6e,
    domain_38                                   = 0x6f,
    domain_39                                   = 0x70,
    domain_40                                   = 0x71,
    domain_41                                   = 0x72,
    domain_42                                   = 0x73,
    domain_43                                   = 0x74,
    domain_44                                   = 0x75,
    domain_45                                   = 0x76,
    domain_46                                   = 0x77,
    domain_47                                   = 0x78,
    domain_48                                   = 0x79,
    domain_49                                   = 0x7a,
    domain_50                                   = 0x7b,
    domain_51                                   = 0x7c,
    domain_52                                   = 0x7d,
    domain_53                                   = 0x7e,
    domain_54                                   = 0x7f,
    domain_55                                   = 0x80,
    domain_56                                   = 0x81,
    domain_57                                   = 0x82,
    domain_58                                   = 0x83,
    domain_59                                   = 0x84,
    domain_60                                   = 0x85,
    domain_61                                   = 0x86,
    domain_62                                   = 0x87,
    domain_63                                   = 0x88,
    domain_64                                   = 0x89,
    f_end                                       = 0x8a
};