Static | ZeroBOX

PE Compile Time

2024-08-16 02:30:19

PE Imphash

f34d5f2d4577ed6d9ceec516c1f5a744

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00002000 0x0002b1c4 0x0002b200 5.92425199792
.rsrc 0x0002e000 0x00000600 0x00000600 4.02950431211
.reloc 0x00030000 0x0000000c 0x00000200 0.101910425663

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0002e0a0 0x0000030c LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x0002e3ac 0x000001ea LANG_NEUTRAL SUBLANG_NEUTRAL XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library mscoree.dll:
0x402000 _CorExeMain

!This program cannot be run in DOS mode.
`.rsrc
@.reloc
% r>'
%'r.2
%(rL2
%)rf2
%0r 3
%1r63
%2rP3
%3rp3
%8r&4
%9rH4
%:rv4
%?rF5
%@rj5
KDBM(
Y_c
Y_c
% r>'
%%r;}
%'ra}
%(rL2
%)rf2
%0r 3
%1r63
%2rP3
%3rp3
%8r&4
%9rH4
%:rv4
%?rF5
%@rj5
i Yox
i Yox
'\e(8iY
mhttps://github.com/LimerBoy/StormKitty
L[a2/A?
^B09SH
v4.0.30319
#Strings
WorldWindClient.exe
WorldWindClient
mscorlib
System
System.Drawing
System.Core
System.Windows.Forms
System.Management
System.Net.Http
System.IO.Compression.FileSystem
System.Xml
System.Security
Microsoft.VisualBasic
Microsoft.CSharp
iphlpapi.dll
avicap32.dll
user32
vaultcli.dll
bcrypt.dll
crypt32.dll
user32.dll
kernel32.dll
ntdll.dll
<Module>
JSONNodeType
SimpleJSON
value__
Object
String
Number
NullValue
Boolean
Custom
JSONTextMode
Compact
Indent
JSONNode
forceASCII
longAsString
allowLineComments
m_EscapeBuilder
StringBuilder
System.Text
ThreadStaticAttribute
get_Tag
get_Item
aIndex
set_Item
get_Value
set_Value
get_Count
get_IsNumber
get_IsString
get_IsBoolean
get_IsNull
get_IsArray
get_IsObject
get_Inline
set_Inline
Remove
get_Children
IEnumerable`1
System.Collections.Generic
IteratorStateMachineAttribute
System.Runtime.CompilerServices
get_DeepChildren
HasKey
GetValueOrDefault
aDefault
ToString
aIndent
WriteToStringBuilder
aIndentInc
GetEnumerator
get_Linq
KeyValuePair`2
get_Keys
get_Values
CultureInfo
System.Globalization
get_InvariantCulture
Double
TryParse
NumberStyles
IFormatProvider
get_AsDouble
set_AsDouble
get_AsInt
set_AsInt
get_AsFloat
set_AsFloat
IsNullOrEmpty
get_AsBool
set_AsBool
get_AsLong
set_AsLong
get_AsArray
get_AsObject
op_Implicit
aKeyValue
Equals
op_Equality
op_Inequality
GetHashCode
get_EscapeBuilder
set_Length
get_Capacity
get_Length
set_Capacity
get_Chars
Append
UInt16
Escape
ToLower
ParseElement
quoted
Stack`1
Exception
Substring
.cctor
IsNumber
IsString
IsBoolean
IsNull
IsArray
IsObject
Inline
Children
DeepChildren
Values
AsDouble
AsFloat
AsBool
AsLong
AsArray
AsObject
EscapeBuilder
DefaultMemberAttribute
System.Reflection
Enumerator
ValueType
m_Object
Dictionary`2
m_Array
List`1
get_IsValid
aArrayEnum
aDictEnum
get_Current
MoveNext
IsValid
Current
ValueEnumerator
m_Enumerator
aEnumerator
KeyEnumerator
get_Key
LinqEnumerator
IEnumerator`1
IDisposable
IEnumerator
System.Collections
IEnumerable
m_Node
System.Collections.IEnumerator.get_Current
Dispose
System.Collections.IEnumerable.GetEnumerator
System.Collections.IEnumerator.Current
<get_Children>d__42
<>1__state
<>2__current
<>l__initialThreadId
Environment
get_CurrentManagedThreadId
DebuggerHiddenAttribute
System.Diagnostics
System.IDisposable.Dispose
System.Collections.Generic.IEnumerator<SimpleJSON.JSONNode>.get_Current
NotSupportedException
System.Collections.IEnumerator.Reset
System.Collections.Generic.IEnumerable<SimpleJSON.JSONNode>.GetEnumerator
System.Collections.Generic.IEnumerator<SimpleJSON.JSONNode>.Current
CompilerGeneratedAttribute
<get_DeepChildren>d__44
<>4__this
<>7__wrap1
<>7__wrap2
<>m__Finally1
<>m__Finally2
JSONArray
m_List
inline
RemoveAt
AppendLine
<get_Children>d__23
JSONObject
m_Dict
ContainsKey
Enumerable
System.Linq
ElementAt
NewGuid
Func`2
TryGetValue
<>c__DisplayClass21_0
<Remove>b__0
<get_Children>d__26
JSONString
m_Data
JSONNumber
UInt32
Single
Decimal
UInt64
IsNumeric
Convert
ToDouble
JSONBool
JSONNull
m_StaticInstance
reuseSameInstance
CreateOrGet
JSONLazyCreator
Program
Client
PasswordsStoreDirectory
ServicePointManager
System.Net
set_Expect100Continue
set_SecurityProtocol
SecurityProtocolType
Thread
System.Threading
ToInt32
ToBoolean
Console
WriteLine
Directory
System.IO
Exists
CreateDirectory
DirectoryInfo
Concat
Combine
Settings
TelegramToken
TelegramChatID
Version
Install
InstallFolder
InstallFile
Certificate
Serversignature
ServerCertificate
X509Certificate2
System.Security.Cryptography.X509Certificates
aes256
Pastebin
Encoding
get_UTF8
FromBase64String
GetString
InitializeSettings
get_PublicKey
PublicKey
AsymmetricAlgorithm
System.Security.Cryptography
RSACryptoServiceProvider
GetBytes
CryptoConfig
MapNameToOID
VerifyHash
SystemInfo
username
compname
culture
datenow
SendARP
destIp
macAddr
physicalAddrLen
Rectangle
Screen
GetBounds
get_Width
get_Height
ScreenMetrics
BatteryChargeStatus
SystemInformation
get_PowerStatus
PowerStatus
get_BatteryChargeStatus
get_BatteryLifePercent
GetBattery
ManagementObjectSearcher
ManagementObjectCollection
ManagementObjectEnumerator
ManagementBaseObject
ManagementObject
TrimStart
TrimEnd
GetWindowsVersionName
Registry
Microsoft.Win32
LocalMachine
RegistryKey
OpenSubKey
GetValue
Contains
GetBitVersion
GetSystemVersion
GetHardwareID
NetworkInterface
System.Net.NetworkInformation
GetAllNetworkInterfaces
GatewayIPAddressInformation
SelectMany
IPAddress
Select
FirstOrDefault
GetDefaultGateway
get_MachineName
ToArray
GetAntivirus
GetHostName
GetHostEntry
IPHostEntry
get_AddressList
get_AddressFamily
AddressFamily
System.Net.Sockets
GetLocalIP
WebClient
RuntimeHelpers
InitializeArray
RuntimeFieldHandle
DownloadString
Replace
GetPublicIP
GetAddressBytes
BitConverter
GetBSSID
GetLocation
GetCPUName
GetGPUName
GetRamAmount
DateTime
get_UserName
get_CurrentCulture
get_Now
<>9__11_0
<>9__11_1
<>9__11_2
<>9__11_3
<>9__11_4
get_OperationalStatus
OperationalStatus
<GetDefaultGateway>b__11_0
get_NetworkInterfaceType
NetworkInterfaceType
<GetDefaultGateway>b__11_1
GetIPProperties
IPInterfaceProperties
get_GatewayAddresses
GatewayIPAddressInformationCollection
<GetDefaultGateway>b__11_2
get_Address
<GetDefaultGateway>b__11_3
<GetDefaultGateway>b__11_4
telegram
TelegramCommandCheckDelay
MaxKeylogs
TelegramBotAPI
LatestMessageIdLocation
KeylogsHistory
waitCommandsThread
waitThreadIsBlocked
waitForUnblock
Format
waitCommands
HttpClient
MultipartFormDataContent
ReadAllBytes
ByteArrayContent
HttpContent
PostAsync
Task`1
System.Threading.Tasks
HttpResponseMessage
HttpMessageInvoker
sendFile
set_UseDefaultCredentials
sendText
sendImage
sendVoice
sendLocation
StartsWith
GetFileName
DownloadFile
GetFullPath
Delete
AppendAllText
UploadKeylogs
ReadAllText
GetLatestMessageId
ReadAllLines
Reverse
ToList
GetKeylogsHistory
ZipFile
System.IO.Compression
CreateFromDirectory
UploadFile
removeAfterUpload
EditMessage
SendMessage
System.Text.RegularExpressions
Capture
GetMessageId
response
WriteAllText
SetLatestMessageId
sendConnection
ThreadStart
Config
Client.Modules
ClipperAddresses
KeyloggerServices
BankingServices
CryptoServices
PornServices
GrabberSizeLimit
GrabberFileTypes
StringsCrypt
ArchivePassword
saltBytes
cryptKey
github
AnonApiToken
Random
Create
HashAlgorithm
ComputeHash
GenerateRandomData
MemoryStream
RijndaelManaged
Rfc2898DeriveBytes
CryptoStream
SymmetricAlgorithm
set_KeySize
set_BlockSize
get_KeySize
DeriveBytes
set_Key
get_BlockSize
set_IV
set_Mode
CipherMode
CreateDecryptor
ICryptoTransform
Stream
CryptoStreamMode
Decrypt
bytesToBeDecrypted
DecryptConfig
<>9__4_0
<GenerateRandomData>b__4_0
FileZilla
Client.Modules.Passwords.Targets
GetFolderPath
SpecialFolder
GetPswPath
XmlNode
XmlDocument
GetElementsByTagName
XmlNodeList
XmlElement
get_InnerText
FormatPassword
pPassword
WritePasswords
pPasswords
sSavePath
Wallets
sWalletsDirectories
sWalletsRegistry
GetWallets
sSaveDir
CopyWalletFromDirectoryTo
sWalletDir
sWalletName
CurrentUser
CopyWalletFromRegistryTo
sWalletRegistry
NordVPN
Client.Modules.Passwords.Targets.VPN
ProtectedData
Unprotect
DataProtectionScope
Decode
FileSystemInfo
get_Exists
GetDirectories
get_FullName
get_Name
SelectSingleNode
OpenVPN
GetFiles
GetExtension
ProtonVPN
GetDirectoryName
ActiveWindows
Client.Modules.Passwords.Targets.System
Process
GetProcesses
get_MainWindowTitle
get_ProcessName
get_Id
WriteWindows
DesktopScreenshot
Bitmap
Graphics
FromImage
get_Size
CopyFromScreen
ImageFormat
System.Drawing.Imaging
get_Jpeg
DirectoryTree
TargetDirs
FileInfo
Repeat
UnauthorizedAccessException
GetDirectoryTree
indentation
maxLevel
DriveInfo
GetDrives
get_DriveType
DriveType
get_IsReady
get_RootDirectory
SaveDirectories
GetEnvironmentVariable
FileGrabber
SavePath
RecordFileType
DetectFileType
ExtensionName
get_Extension
GetPathRoot
CopyTo
GrabFile
AccessViolationException
GrabDirectory
get_IsAlive
<>c__DisplayClass6_0
<Run>b__0
ProcessList
WriteProcesses
get_MainModule
ProcessModule
get_FileName
ProcessExecutablePath
process
ProductKey
Insert
DecodeProductKeyWin8AndUp
digitalProductId
ArrayList
DecodeProductKey
GetWindowsProductKeyFromDigitalProductId
digitalProductIdVersion
get_Is64BitOperatingSystem
OpenBaseKey
RegistryHive
RegistryView
get_OSVersion
OperatingSystem
get_Version
get_Major
get_Minor
GetWindowsProductKeyFromRegistry
DigitalProductIdVersion
UpToWindows7
Windows8AndUp
WebcamScreenshot
Handle
capCreateCaptureWindowA
lpszWindowName
dwStyle
nWidth
nHeight
hwndParent
wParam
lParam
GetConnectedCamerasCount
Clipboard
GetDataObject
IDataObject
DataFormats
GetData
StringSplitOptions
LastIndexOf
GetProfiles
GetPassword
profile
ScanningNetworks
SavedNetworks
Discord
Client.Modules.Passwords.Targets.Messengers
TokenRegex
DiscordDirectories
WriteDiscord
lcDicordTokens
CopyLevelDb
get_Headers
WebHeaderCollection
NameValueCollection
System.Collections.Specialized
TokenState
GetTempPath
EndsWith
get_Success
GetTokens
Pidgin
PidginPath
XmlTextReader
XmlReader
get_DocumentElement
get_ChildNodes
get_ItemOf
GetAccounts
Telegram
GetProcessesByName
GetTdata
GetTelegramSessions
Minecraft
Client.Modules.Passwords.Targets.Gaming
MinecraftPath
GetCreationTime
SaveVersions
SaveMods
SaveScreenshots
SaveServers
SaveProfiles
SaveAll
GetSubKeyNames
GetSteamSession
GetUplaySession
cBrowserUtils
Client.Modules.Passwords.Targets.Browsers
FormatCreditCard
FormatCookie
cCookie
FormatAutoFill
FormatHistory
FormatBookmark
bBookmark
WriteCookies
cCookies
WriteAutoFill
aFills
WriteHistory
sHistory
WriteBookmarks
bBookmarks
WriteCreditCards
Recovery
Client.Modules.Passwords.Targets.Browsers.Internet_Explorer
cPasswords
FieldInfo
GetTypeFromHandle
RuntimeTypeHandle
IntPtr
Marshal
System.Runtime.InteropServices
PtrToStructure
ToInt64
SizeOf
op_Explicit
GetType
GetField
ReadIntPtr
PtrToStringUni
ReadByte
ReadInt16
ReadInt32
SecurityIdentifier
System.Security.Principal
IdentityReference
<Get>g__GetVaultElementValue|0_0
vaultElementPtr
VaultCli
VaultOpenVault
vaultGuid
offset
vaultHandle
VaultCloseVault
VaultFree
VaultEnumerateVaults
vaultCount
VaultEnumerateItems
chunkSize
vaultItemCount
vaultItem
VaultGetItem_WIN8
schemaId
pResourceElement
pIdentityElement
pPackageSid
passwordVaultPtr
VaultGetItem
VaultGetItem_WIN7
VAULT_ELEMENT_TYPE
Undefined
UnsignedShort
UnsignedInt
ByteArray
TimeStamp
ProtectedArray
Attribute
VAULT_SCHEMA_ELEMENT_ID
Illegal
Resource
Identity
Authenticator
PackageSid
AppStart
AppEnd
VAULT_ITEM_WIN8
SchemaId
pszCredentialFriendlyName
pAuthenticatorElement
LastModified
dwFlags
dwPropertiesCount
pPropertyElements
VAULT_ITEM_WIN7
VAULT_ITEM_ELEMENT
SchemaElementId
cBookmarks
Client.Modules.Passwords.Targets.Browsers.Firefox
GetBookmarksDBPath
GetCookiesDBPath
cHistory
GetHistoryDBPath
cLogins
keyFiles
CopyDatabaseFile
SearchOption
GetDBFiles
Autofill
Client.Modules.Passwords.Targets.Browsers.Edge
sWebData
Bookmarks
sBookmarks
CreditCards
cAesGcm
Client.Modules.Passwords.Targets.Browsers.Chromium
CryptographicException
FreeHGlobal
cipherText
authTag
MaxAuthTagSize
get_Unicode
OpenAlgorithmProvider
provider
chainingMode
AllocHGlobal
ImportKey
GetProperty
Buffer
BlockCopy
arrays
ParamArrayAttribute
cBCrypt
ERROR_SUCCESS
BCRYPT_PAD_PSS
BCRYPT_PAD_OAEP
BCRYPT_KEY_DATA_BLOB_MAGIC
BCRYPT_OBJECT_LENGTH
BCRYPT_CHAIN_MODE_GCM
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_CHAINING_MODE
BCRYPT_KEY_DATA_BLOB
BCRYPT_AES_ALGORITHM
MS_PRIMITIVE_PROVIDER
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
STATUS_AUTH_TAG_MISMATCH
BCryptOpenAlgorithmProvider
phAlgorithm
pszAlgId
pszImplementation
BCryptCloseAlgorithmProvider
hAlgorithm
BCryptGetProperty
hObject
pszProperty
pbOutput
cbOutput
pcbResult
BCryptSetAlgorithmProperty
pbInput
cbInput
BCryptSetProperty
BCryptImportKey
hImportKey
pszBlobType
pbKeyObject
cbKeyObject
BCryptDestroyKey
BCryptEncrypt
pPaddingInfo
BCryptDecrypt
BCRYPT_PSS_PADDING_INFO
cbSalt
BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO
cbSize
dwInfoVersion
pbNonce
cbNonce
pbAuthData
cbAuthData
pbMacContext
cbMacContext
cbData
BCRYPT_KEY_LENGTHS_STRUCT
dwMinLength
dwMaxLength
dwIncrement
BCRYPT_OAEP_PADDING_INFO
pbLabel
cbLabel
Parser
separator
RemoveLatest
DetectTitle
IndexOutOfRangeException
Crypto
sPrevBrowserPath
sPrevMasterKey
CryptUnprotectData
pCipherText
pszDescription
pEntropy
pReserved
pPrompt
pPlainText
DPAPIDecrypt
bCipher
bEntropy
RegexOptions
Matches
MatchCollection
get_Groups
GroupCollection
GetMasterKey
sLocalStateFolder
get_Default
GetUTF8
sNonUtf8
DecryptWithKey
bEncryptedData
bMasterKey
GetParent
get_Parent
EasyDecrypt
sLoginData
sPassword
BrowserPathToAppName
CryptprotectPromptstruct
dwPromptFlags
hwndApp
szPrompt
DataBlob
pbData
Cookies
ToUpper
sCookie
Downloads
History
Stealer
Banking
Client.Modules.Passwords.Helpers
CreditCardTypes
get_Host
GetFileNameWithoutExtension
get_TextInfo
TextInfo
ToTitleCase
UriFormatException
AppendValue
domains
DetectCryptocurrencyServices
DetectBankingServices
DetectPornServices
ScanData
DetectCreditCardType
number
Password
<sUrl>k__BackingField
<sUsername>k__BackingField
<sPassword>k__BackingField
get_sUrl
set_sUrl
get_sUsername
set_sUsername
get_sPassword
set_sPassword
sUsername
Cookie
<sHostKey>k__BackingField
<sName>k__BackingField
<sPath>k__BackingField
<sExpiresUtc>k__BackingField
<sKey>k__BackingField
<sValue>k__BackingField
<sIsSecure>k__BackingField
get_sHostKey
set_sHostKey
get_sName
set_sName
get_sPath
set_sPath
get_sExpiresUtc
set_sExpiresUtc
get_sKey
set_sKey
get_sValue
set_sValue
get_sIsSecure
set_sIsSecure
sHostKey
sExpiresUtc
sValue
sIsSecure
CreditCard
<sNumber>k__BackingField
<sExpYear>k__BackingField
<sExpMonth>k__BackingField
get_sNumber
set_sNumber
get_sExpYear
set_sExpYear
get_sExpMonth
set_sExpMonth
sNumber
sExpYear
sExpMonth
AutoFill
<sTitle>k__BackingField
<iCount>k__BackingField
get_sTitle
set_sTitle
get_iCount
set_iCount
sTitle
iCount
Bookmark
Counter
Passwords
FTPHosts
SavedWifiNetworks
GrabberDocuments
GrabberSourceCodes
GrabberDatabases
GrabberImages
DetectedBankingServices
DetectedCryptoServices
DetectedPornServices
GetSValue
application
GetIValue
GetLValue
GetBValue
success
failed
sChromiumPswPaths
sGeckoBrowserPaths
EdgePath
appdata
lappdata
InitWorkDir
Report
CreateReport
SQLite
_sqlDataTypeSize
_dbEncoding
_fileBytes
_pageSize
_fieldNames
_masterTableEntries
_tableEntries
fileName
rowNum
GetRowCount
Resize
get_BigEndianUnicode
ReadTableFromOffset
ReadMasterTable
Compare
StringComparison
IndexOf
ReadTable
tableName
ConvertToULong
startIndex
startIdx
endIdx
RecordHeaderField
TableEntry
Content
SqliteMasterEntry
ItemName
RootNum
SqlStatement
SqlReader
GetTempFileName
database
AnonFile
Client.Modules.Manager
get_ASCII
Upload
ClipboardManager
PrevClipboard
ClipboardText
MainThread
CommandHelper
ProcessStartInfo
set_UseShellExecute
set_CreateNoWindow
set_WindowStyle
ProcessWindowStyle
set_FileName
set_Arguments
set_RedirectStandardError
set_RedirectStandardOutput
set_StartInfo
get_StandardOutput
StreamReader
TextReader
ReadToEnd
WaitForExit
Filemanager
RecursiveDelete
CopyDirectory
sourceFolder
destFolder
DirectorySize
<>9__2_0
<>9__2_1
<DirectorySize>b__2_0
<DirectorySize>b__2_1
GetFlag
ZipLib
get_LocalPath
WebException
LoadRemoteLibrary
library
TokenIsValid
SendSystemInfo
SendReport
WindowManager
ActiveWindow
functions
Action
GetForegroundWindow
GetWindowThreadProcessId
lpdwProcessId
GetProcessById
IsNullOrWhiteSpace
GetActiveWindowTitle
Invoke
EventManager
Client.Modules.Keylogger
KeyloggerDirectory
Detect
SendKeyLogs
Keylogger
WM_KEYDOWN
WHKEYBOARDLL
_hookID
KeyloggerEnabled
KeyLogs
PrevActiveWindowTitle
SetWindowsHookEx
idHook
dwThreadId
UnhookWindowsHookEx
CallNextHookEx
GetModuleHandle
lpModuleName
GetKeyState
keyCode
GetKeyboardState
lpKeyState
GetKeyboardLayout
idThread
ToUnicodeEx
wVirtKey
wScanCode
pwszBuff
cchBuff
wFlags
MapVirtualKey
uMapType
Application
StartKeylogger
GetCurrentProcess
SetHook
get_NewLine
HookCallback
KeyboardLayout
vkCode
LowLevelKeyboardProc
MulticastDelegate
object
method
BeginInvoke
IAsyncResult
AsyncCallback
callback
EndInvoke
result
PornDetection
LogDirectory
SendPhotos
AntiAnalysis
Client.Modules.Implant
CheckRemoteDebuggerPresent
hProcess
isDebuggerPresent
get_Handle
Debugger
get_Ticks
Emulator
Hosting
Processes
SandBox
ToUpperInvariant
GetPropertyValue
VirtualBox
MessageBox
DialogResult
MessageBoxButtons
MessageBoxIcon
FakeErrorMessage
MutexControl
SelfDestruct
StreamWriter
Assembly
GetExecutingAssembly
get_Location
AppendText
TextWriter
FailFast
StartDelay
SleepMin
SleepMax
Startup
StartupDirectory
ExecutablePath
CopyExecutableTo
get_Year
SetCreationTime
SetLastWriteTime
SetLastAccessTime
SetFileCreationDate
get_Attributes
FileAttributes
set_Attributes
HideFile
IsInstalled
IsFromStartup
GetEntryAssembly
Client.Modules.Clipper
SetApartmentState
ApartmentState
GetText
SetText
<>c__DisplayClass0_0
ReturnValue
<GetText>b__0
<>c__DisplayClass1_0
<SetText>b__0
Clipper
RegexPatterns
PatternsList
BytesTools
Client.MessagePack
utf8Encode
UTF8Encoding
GetUtf8Bytes
utf8Bytes
BytesAsString
BytesAsHexString
SwapBytes
SwapInt64
SwapInt32
SwapInt16
SwapDouble
MsgPackEnum
children
position
System.Collections.IEnumerator.MoveNext
MsgPackArray
msgpackObj
listObj
Length
MsgPack
lowerName
innerValue
valueType
parent
refAsArray
SetName
InnerAdd
FindObject
InnerAddMapChild
InnerAddArrayChild
AddArrayChild
WriteByte
WriteMap
WirteArray
SetAsInteger
SetAsUInt64
ToUInt64
GetAsUInt64
GetAsInteger
GetAsFloat
SetAsBytes
ToBinary
GetAsBytes
FileStream
FileMode
FileAccess
FileShare
LoadFileAsBytes
SaveBytesToFile
ForcePathObject
SetAsNull
SetAsString
GetAsString
SetAsBoolean
SetAsSingle
SetAsFloat
set_Position
DecodeFromBytes
DecodeFromFile
ToUInt16
ToSingle
ToUInt32
ToInt16
DecodeFromStream
Encode2Bytes
Encode2Stream
get_AsString
set_AsString
get_AsInteger
set_AsInteger
Monitor
get_ValueType
AsString
AsInteger
MsgPackType
Unknown
Integer
Binary
ReadTools
ReadString
strFlag
WriteTools
WriteNull
WriteString
strVal
WriteBinary
rawBytes
WriteFloat
WriteSingle
WriteBoolean
WriteUInt64
WriteInteger
GZipStream
CompressionMode
Decompress
Compress
NormalStartup
Client.Install
ExpandEnvironmentVariables
Strings
StrReverse
RegistryKeyPermissionCheck
SetValue
set_ErrorDialog
Anti_Analysis
Client.Helper
RunAntiAnalysis
get_SystemDirectory
get_TotalSize
IsSmallDisk
ComputerInfo
Microsoft.VisualBasic.Devices
get_OSFullName
DetectManufacturer
DetectDebugger
DetectSandboxie
HwidGen
get_ProcessorCount
MD5CryptoServiceProvider
GetHash
strToHash
IdSender
get_ExecutablePath
get_LastWriteTime
ToUniversalTime
SendInfo
Methods
WindowsIdentity
GetCurrent
WindowsPrincipal
IsInRole
WindowsBuiltInRole
IsAdmin
Socket
ClientOnExit
Antivirus
ImageCodecInfo
GetImageDecoders
get_FormatID
get_Guid
GetEncoder
format
PreventSleep
currentApp
CreateMutex
WaitHandle
CloseMutex
NativeMethods
GetWindowText
SetThreadExecutionState
esFlags
RtlSetProcessIsCritical
EXECUTION_STATE
ES_CONTINUOUS
ES_DISPLAY_REQUIRED
ES_SYSTEM_REQUIRED
ProcessCritical
SystemEvents_SessionEnding
SessionEndingEventArgs
sender
SessionEndingEventHandler
SystemEvents
add_SessionEnding
EnterDebugMode
SetRegistry
CreateSubKey
RegistryValueKind
get_Message
DeleteValue
DeleteSubKeyTree
DeleteSubKey
Packet
Client.Handle_Packet
AppDomain
get_CurrentDomain
Activator
CreateInstance
CSharpArgumentInfo
Microsoft.CSharp.RuntimeBinder
CSharpArgumentInfoFlags
Binder
InvokeMember
CallSiteBinder
CSharpBinderFlags
CallSite`1
Action`10
CallSite
Target
unpack_msgpack
Received
<>o__2
<>p__0
ClientSocket
Client.Connection
<TcpClient>k__BackingField
<SslClient>k__BackingField
SslStream
System.Net.Security
<Buffer>k__BackingField
<HeaderSize>k__BackingField
<Offset>k__BackingField
<KeepAlive>k__BackingField
<IsConnected>k__BackingField
<SendSync>k__BackingField
<Ping>k__BackingField
<Interval>k__BackingField
<ActivatePong>k__BackingField
get_TcpClient
set_TcpClient
get_SslClient
set_SslClient
get_Buffer
set_Buffer
get_HeaderSize
set_HeaderSize
get_Offset
set_Offset
get_KeepAlive
set_KeepAlive
get_IsConnected
set_IsConnected
get_SendSync
get_Ping
set_Ping
get_Interval
set_Interval
get_ActivatePong
set_ActivatePong
NetworkCredential
SocketType
ProtocolType
set_ReceiveBufferSize
set_SendBufferSize
GetHostAddresses
Connect
get_Connected
set_Credentials
ICredentials
NetworkStream
RemoteCertificateValidationCallback
get_RemoteEndPoint
EndPoint
AuthenticateAsClient
X509CertificateCollection
SslProtocols
System.Security.Authentication
TimerCallback
BeginRead
InitializeClient
CheckHostName
UriHostNameType
IsValidDomainName
X509Certificate
ValidateServerCertificate
X509Chain
SslPolicyErrors
certificate
sslPolicyErrors
Reconnect
EndRead
ParameterizedThreadStart
ReadServertData
SelectMode
Collect
KeepAlivePacket
TcpClient
SslClient
HeaderSize
Offset
KeepAlive
IsConnected
SendSync
Interval
ActivatePong
Aes256
Client.Algorithm
KeyLength
AuthKeyLength
IvLength
HmacSha256Length
_authKey
ArgumentException
masterKey
ToBase64String
Encrypt
AesCryptoServiceProvider
HMACSHA256
ArgumentNullException
set_Padding
PaddingMode
GenerateIV
CreateEncryptor
get_IV
FlushFinalBlock
AreEqual
Sha256
SHA256Managed
<PrivateImplementationDetails>
00F45B18720CF90093967548198B72DB662917AB9D3BF26582BAC88BCEBABDB8
0296D458811879A7CC04B6F85C52DEE81EE432EAD4E5765F051459B7F02CE1AC
064ACC46CE47C1A29B9D27B9D71B070821B627C96B594BAC77D236C37EC2CCE6
0FAAA1B82B57C8DDDC82E0F99608244BE805FEF53B4B7CD47D6E398EDF3EBB7D
143CDFB281A50A6468F7C1991D0FEDA05655ED447DACA6B3F3BCCA90446E723B
1B31AC76D464F22FCBDE794043D4533B09B5154FA12F2A510B042D64D7F674A7
1DB2A1F9902B35F8F880EF1692CE9947A193D5A698D8F568BDA721658ED4C58B
215470030B0DA49A7329BA30F0A38AD32EC6E7AAB0A17C2AB501FEFDD688A3D1
2758F11D171C684E6D95159D46260BE6438DAD2764618E91687E9E0AEAC641FC
28496878C202D72EEC073359CF7783F1765A4C5CDF405FA79CE14256F0D4E501
2B38E92B45133A428979663D2C689C7151AA9D52DE967EC144A74261643F940B
2C2BF31442CC411C190EBB5A86AE745DA3C8B779A40E0BE71E99D462ED5503F0
2F75BC07EC20D301A21E6623F93A77F6A658D1BB5412D591BF1A3C047060D243
2FAE78BDFE8022A734B50102E5AAAAD1BA2BB7AD72AAB6DECC21EF57D6DFE421
3E471BEB9C4B699F9DBF2C4C30AD2DB5A2E93120A2AA6F2C4923FCC1BB456922
42D76814205DCCDE199937F4024AFDD40F59A577C59AD64BBAF1511E31E09648
489804EB6063B4C4D2E6D0B2D9E89A9AE050854562A681691C1A041E7B96D3C3
4957FD0951018A72CA86C078BC1F6B094E80D0CEF42ABDA6C07D7ED6BD14B775
4ACDF780C59C51FA1663A503E275650BA7099CACB51E54889D693D1316BF81EE
5506141862EC002C0B6A1CE9E5133BEA4C9E2B0A2874B340618309782AFC7472
5557709438ED1B088DC09DE5600B83D093CCA9861267CE93220F00ECD8D19F04
559BF8B5954AE426820AE9C13224E30D541C15401277A017B0FDA7BF39E381CB
58296A48DE2339726082A58F51C1BC656E21D6F735C5C42603518B4C8F9AAE30
5DE1095525AB303CB1757E42A4D855AFD36C459D66738BB6D29EC4EFDABF9EB6
625B1FA8EEFB9345CB2D80CDA3F78B5244D70DCB459672425C6AA7DD95FBB8F9
6C56BD00410C5FA60309B238EED42CFC1A6220172A54CD8D230165B65534A0BD
6D19E80E711937EC8EE72041A1BD75D33F4C76E03210863CD343F584F3CD07E2
746183F1318C28F724CFE8B949E669E523944C8C9123C416BFB2DB7832172A02
7A769000E553478A16851DBBA454E822F03DB7C01B83809B4F5EC163F7D977BC
7D78CB380BF5EFB7B851409CA6A875F77DECF09D19B9149DA17A3EBF674BC0F9
7FA01FA7C14EB995D3D3BEFA2652AC0FF088D5D7124283029658722E6FDD1F72
843991BD752E8C2C833B29AD5C915D1D94DC3F19FC14C1C8DCF720D5557A281E
84CDC3B9C7D6E1967A6EA1F24F2D6EEF32880F0874A2609A082EF83268D008EF
86D45C838620BD08CBFC6C4C730273D4BF33AD9593E495D84F08F858B511678A
87639126EA77B358F26532367DBA67C5310EF50A8D9888ED070CD40E1F605A8F
8A11076CD284CF6F743D5D11778D242CBF3D91BCA53B6D43EE4DACF465E452FC
8B50B05A3346D82FE685DF445B7EE749C33B9BAA114363A578CEE3EDBACB7B43
956066B197B0FDDE9C9C9D6DBCC411ECFBC0A9A012AC9BC2CD775065BB27DF9E
9F4785B3A7FCE2DB47B762BD03298BC60B643A91C35D994BB012774200919455
A223DB41D9BFBC0280EBD0050A8BBD8EA7A943B251C8FD2D0B01A040462EDB0B
A25CC6D70519A408CEA3AE72EBFF915335C6E6E613B18720FA746D0D8056559B
A4956ED9AA7996A00C7593BFFCBDB3FBE5A11F729876DF9AC5A1A33EF3EFE3A2
A515425C81DC183149AF8B446E168A9509399B54129E92DAC27E19364B0D7B86
A8F810D24584EC3B7929D304606C2DD1E44F852CA90C291ED8CC398AA3F07FD3
A981F5EDD35DDFF3F41F44A598272BBEAFA5F5B9C1595DC02FC6044CE81BE666
ACDCB1AFB15194F894860BA7E2B85B91B6E5AB701407DFBAC51146F0C6E53B6F
ACDF4A22C9359C1328E1CC966BC6C0D0D95B468AF46466FFAEC92C411050E17B
B13E9C3A5B8F99AF560FC7A95C71949837EF760B7A323235860799D5A5CEC402
B28DB940EDE70686E870504AE41CB6EEAE634B9858DF6B5AEAB3958AA115A5E1
BF8CAA158736480861E8F91826FFFA6545B27C3EC30153CA68330811329C2A8E
CAB1D35DDB8E2426F9750F1040D87B301146E2BFAB7CF292C14EC1133A2ACB37
CE8979E74A40B6869BD5BED7E5610AA981486221166D6F6E65F3B34BF501B8DD
CEB1CC71FC33A5B2E3A8E0727D334A0B236251779D5BAF438C965B4FB341F460
D1122CBAC0181399211D87194C074D59AFB2D07C75AE662A311456EAE98EC762
D170DC7768D26A111EF0E7B910988BFC4ACBCA3BE6A5B476EED1F48C70040F93
D34744097C47A68524784440E5E8B09EB1A3DFBAEF6189BD004DE294DF759194
D3709EF761A0DEFC0ABE47CF9B3476718CE15F873291CF43E1AE3DC080DE5523
D61B7716B5AD4A42CC6C9300587B2C389EB40C3E8BF9B039E7DB98097247DC1B
D7E5EF66EF856B3135E139EF1DDD2F24799A0637FE1AA7571687AF9FF5564CE6
DB70F0991D15CA6C24254AD83CB905F5F431EF1F382DA4C6F0C370EEFE415F92
E0CFAA5A692BF7845AE59939493B0B96CCFFDACB3413C4CB3CD461DDE28C3D0D
ED06011300B63B14B8F702202BEDBD14BAE5D9223AEB0E1A3821C1B87E5CE2C5
F28AE27DD8812234DDF5415F8A106C988C96F8937B0F08B8B22893837E8816F6
F54AB64266711BE5B5810852C39D733742744680D6D125D6773C66D330B81E32
FD2AD7331099CFB7A118458E12965559ABF6D870A4B3DFF975FF43C3C56C09C8
ComputeStringHash
__StaticArrayInitTypeSize=6
__StaticArrayInitTypeSize=10
__StaticArrayInitTypeSize=16
__StaticArrayInitTypeSize=32
__StaticArrayInitTypeSize=38
__StaticArrayInitTypeSize=48
__StaticArrayInitTypeSize=64
AssemblyFileVersionAttribute
GuidAttribute
ComVisibleAttribute
AssemblyTrademarkAttribute
AssemblyCopyrightAttribute
AssemblyProductAttribute
TargetFrameworkAttribute
System.Runtime.Versioning
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
AssemblyTitleAttribute
DebuggableAttribute
DebuggingModes
RuntimeCompatibilityAttribute
AssemblyCompanyAttribute
CompilationRelaxationsAttribute
UnverifiableCodeAttribute
'SimpleJSON.JSONNode+<get_Children>d__42
+SimpleJSON.JSONNode+<get_DeepChildren>d__44
(SimpleJSON.JSONArray+<get_Children>d__23
)SimpleJSON.JSONObject+<get_Children>d__26
1.0.0.0
$386d05db-6b0c-4499-8515-2fb53b58e507
Copyright
2021
Client
.NETFramework,Version=v4.5
FrameworkDisplayName
.NET Framework 4.5
WrapNonExceptionThrows
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
BCDFGHJKMPQRTVWXY2346789
FYPZS[Z]^^a
('+*8797:7;7<7IHJHKHLHPOQOcbdbebkjonts|{~}
JSON Parse: Too many closing brackets
JSON Parse: Quotation marks seems to be messed up.
Running passwords recovery...
Failed recursive remove directory
SHA256
2zIqzCZbec5HnL59YRVTkFvNDea381i0WOe3dxRcQY9mgcbW6ylu4XOmYEvdpVfvZv7YOQQfD4eoeWCqUB5kBIllYac434il1lJW9eTOefguHeB3fHoYsx8M3DMXop4c
Nnh/XzGc4qXVzc1DOZ4Afrrpnrq3n9qYFVrXeP+JCCvVkS6Y267z6o+sda3jxCvnxQiamZ1WQWwr7aQUnvgGlQ==
DoR2EwFoczeVD6l9ZOeBSTDWqq4Q9CyGPyExsflJjWgYfC3ghVH18FN3Xcc3SKL9rpgmI5EBk/MTtCjWaplLJw==
9XbAAh5WKI2oZjzfOsD/a8Kt/T1UNLbJcNMCaFV9eMfCyYCkCfXLtZFwlDrO0pnN9N5TnOodJhfp1o4a2ztdag==
Z5pZYvRJIFTn8wlNIbceeqsxsKyiih9zS9G1Q49QpoEQOhv8FIVYhJy3JtaDzo7YHrinzRvWHLMY6KkdaCxT9w==
lv3eVVbrtyehpFQQS+O85pqbqHpE531GsoTORjAIVkmXnn29fizpHaeprUcfXfR7i1rDsUVnA0uHFazCOt353g==
%AppData%
VklmeGZxcnlVVHlaVUJHRENCQXZiWVZZSXNleElNN1o=
vx/BE7jbRUB6mf7JvBe7Aqms5ens79dF75erQeF42sT5vvO+4N9X2zk0aqxqkuguWA/A06An2byEZbqi5N4oc6eDd74t2bt19gesw0UIL8c=
nXKe4oAN0iBYluL0NQNKasuRdPEYHHvoJHBCMT+I7iGe41QiUcLXnSquqUdY5Xs+MVUGLpfUfaHVmqMC/SfaaZX1JoFtVGWwClIrpf8FsiO8IpqEKgM6FNqF0Ognzq1b7tp3rIjM2Aq8StkwWXkHUOYxI8qr8GADLi4Ylq0kgwpIiGkb1z/6p5ujAOACIjgw5x9IhvGtTr+pZgOuq775zWQtOZIwgHiwfn+8HAB7TWqKBA5reeQ+GcSe1AVSSvIwL2m9YqmANxvUV/z6P+tntZK9khBosBwHhOiwRWXG7/WpzOHXHsguz9PsgGj8x6vv563lVxWQAVbkGsiVnDkQDg6utGPUefYXoghcReIUhhO5SZiVt8QiJpJVzlEJFFLSzuPdrYoqneInXeUrZciNHk6Hx/qmc0c/OP8zrIiuTOIjkA4/48e72ZkKUXXjDM9NHJYaFkiW7Wy09F3klKb3gXQb7uQKAQ3myxaI9H4viFDzQ+c6ot/Tt/9sm+I5UXFT4EyPgUXKxHI2gqb+mGyqQkOPuBaH45ePwop7BrYpY/1efw+fAOhY4ManjMs6wjMfCyT+RgVfeAolPHVmFc7THpeFENsGzPu4PaQTk7KcIXPlIOAC8nCCQkJ8Z/VkapUueXmA9ouv8rVUX3RDzPNuYQMj6eQGRGoJaiSi1XnTSB+pFxXuymASnVeMHzS1YJc6S1Fy8xnlzJW7wkSc0EzMjLWBFsM3Hqd3b6QH+6AftKjxmEGRAffkIkZg1kgQascpVqw/SlkjNmcC+8/jbyDIsnjfoUA7PIQ6NaNjAWDQ8QJGwp8fEK5MOILen18Pkqix0uS7isDBkB1ChKdH/cR8LyKqqAvhf24jkqpsdpnndycZXCnmG14YSdhSJD7P54U5ewxu5hWc0WDpXKCJSpKp+Gy3I3bLus4hISrBmvvjsDY5WaJWh4rN+zn3lBsaEVXz0YdEKxHlnUuHD4RTG2YEeg7l4NQmHuxkbkoOBiV/EkTcqVMpsm9VZOkIK44jxyFH
xYuvE6ES2q02iyx0gj+TcxpQsqddzdkIJrpkxnhqM1VY6AGnW9K7iueX76+kb51aZY1MQHOImE+WAxBe/9TWW8PghqnYJs+uiWFcbqIrt7wBNgYAZIb4fWIYK6I8PvGWTdMT0vp5d1eejCO3WE2kAMEeZpGjb68AQ5PP+dh1Wp3O0VUq7s2iJGVMSVGN135sxYJU8wDgauyFnkLJSJeLk1O3e5wj8ldO2VmBZYAsUnmHz13Us3I3PoAxFiTxlTLjhRPFRIsbCqEP6xNQ3kDkFKuLpFSL/blpFfMjQmQ5BZa89JW71VVphnSL2FKVSNQKCMnGVL3nP821stfO7+UaXigZoiCSHiCC8Xr7nEzpDlG2RgMUwDucpB1mvt98IYaMGq/0fG4jfeTA55MeYaYohWWyA2LtRP0RbW/rwb/1i8zbRO8ZE2Ija3PodY2RvbPdbjE54kTNtjBgzf6K8E81X7btQR8c8BZUMdOwxVl75qDT2H63rZEaMl77jloAE/cEkIXrsX7+rZ6B7a6lMZmYLElRc8LWfLlSZmThfBDIK9YeXkFtWJRgA93O4gg7E3lUzMJu0g5B7msUktrpU4528r3AjTy2eoctSxjuRDsr/e6TOwdUc8gl8ZVMOYDhisupmEJt9e0OLgzrGcKtKqXbyBW04KCUkm1FIO9+PAZxSUEyaMGCsQHWKj0svFFlqaKqYzWAFMT6DiqSi2BAj6+og84aRcK3N4c6p98aY4O5HOqEDAI1j2YIqfDIzPbNiJdDHFejRE0OLkZnxtDO6Rvx2mqmHyrBbw5jnawfKvTDhq9ycPJI5uzSx4Z/3IZFkvoVxDnyZe8bPXlEi1VKolNoVTKKe7QZ0Nmvh/mkccBQprZplaC6NMjrI7NmgMkSath9a+NWtUN7wdN42ZgRVtQNlaq9f0psTGTNdCMC+zYJWBRLXIGFGZDtAcys9c5CjJcRCGuCXgAlNFlzNX4rlEJLOQ==
BiqtBx0xjRuDe2Zg2dcC8J1KoWKNoffEUKHBE7OdLr8W1kZJuL2JQIK4EKh/Pufzqq/B5pa67ljqVHKVKUgg3g==
G8C7Y9ipusvdFZrZg53dgXEaAzb3TOWL7VsYVVsds6b1TJw/sOxoqkvDGfYz+RYqo3+w0n9qUFWDYPpb42n2VA==
naNafWycahxvYmxnrme7My+ztnu57353mXdbSDHHMxlJb6oV1x/IXzsIZ33nJ4eakzCYRHnyv/GyGZXz+Zl1ng==
jB9JCdgvxk7Z2AuNc0VtOVQrqhLj+ZMZIyXzhSmN2MgzVeR28iM6y+dsiKW3WJmuyx3ffevzkyVizOEQWAISeg==
Unknown
Unknown System
root\CIMV2
SELECT * FROM win32_operatingsystem
HARDWARE\Description\System\CentralProcessor\0
Identifier
(32 Bit)
(64 Bit)
(Unknown)
Select ProcessorId From Win32_processor
ProcessorId
\root\SecurityCenter2
Select * from AntivirusProduct
displayName
Not installed
No network adapters with an IPv4 address in the system!
Request failed
unknown
Failed
BSSID:
{"result":200
"lat":
"lon":
"range":
Latitude:
Longitude:
Range:
[Open google maps](
SELECT * FROM Win32_Processor
SELECT * FROM Win32_VideoController
Select * From Win32_ComputerSystem
TotalPhysicalMemory
yyyy-MM-dd h:mm:ss tt
https://api.telegram.org/bot
/getUpdates
result
update_id
https://api.telegram.org/bot{0}/getUpdates?offset={1}
message
username
first_name
You not my owner
Unknown user with id
and username @
send command to bot!
document
file_name
file_id
/getFile?file_id=
file_path
Unknown type received. Only Text/Document can be used!
File not found!
?chat_id=
https://pastebin.com/raw/7B75u64B
?chat_id=5283662956
/sendMessage?chat_id=
&text=
/sendLocation?chat_id=
&latitude=
&longitude=
Downloading file "
" from url
Connection error
File "
" saved in: "
Downloading file: "{file}"
https://api.telegram.org/file/bot
File "{file}" saved in: "{Path.GetFullPath(file)}"
yyyy-MM-dd_h.mm.ss
({0} - MAX)
*Keylogger
*WorldWind Pro - Results:*
Date:
System:
Username:
CompName:
Language:
Antivirus:
*Hardware:*
HWID:
Power:
Screen:
*Network:*
Gateway IP:
Internal IP:
External IP:
*Domains info:*
*Bank Logs*
*Crypto Logs*
*Freaky Logs*
*Logs:*
Passwords
CreditCards
Cookies
AutoFill
History
Bookmarks
Downloads
*Software:*
Wallets
FTP hosts
VPN accounts
Pidgin accounts
Telegram sessions
Discord token
Steam session
Uplay session
*Device:*
Windows product key
Wifi networks
Webcam screenshot
Desktop screenshot
*File Grabber:*
Source code files
Database files
Documents
Images
Telegram Channel: @X_Splinter
Document
Uploading Log Folders...
/editMessageText?chat_id=
&message_id=
&parse_mode=Markdown&disable_web_page_preview=True
"result":{"message_id":\d+
"result":{"message_id":
Bot connected
msgid.dat
history.dat
--- ClipperBTC ---
--- ClipperETH ---
--- ClipperXMR ---
--- ClipperXLM ---
--- ClipperXRP ---
--- ClipperLTC ---
--- ClipperBCH ---
facebook
twitter
telegram
discord
protonmail
outlook
password
encryption
account
sign in
credit
exchange
wellsfargo
bankofamerica
bitcoin
monero
dashcoin
litecoin
etherium
stellarcoin
blockchain
paxful
investopedia
buybitcoinworldwide
cryptocurrency
crypto
trading
wallet
hentai
DataBase
sqlite
SourceCode
ENCRYPTED:
\FileZilla\
recentservers.xml
sitemanager.xml
Server
ftp://
Url: {0}
Username: {1}
Password: {2}
\Hosts.txt
Software
strDataDir
\wallets
\Zcash
Armory
\Armory
Bytecoin
\bytecoin
\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Exodus
\Exodus\exodus.wallet
Ethereum
\Ethereum\keystore
Electrum
\Electrum\wallets
AtomicWallet
\atomic\Local Storage\leveldb
Guarda
\Guarda\Local Storage\leveldb
Coinomi
\Coinomi\Coinomi\wallets
Litecoin
Bitcoin
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
\accounts.txt
Username:
Password:
OpenVPN Connect\profiles
\profiles
profiles\
ProtonVPN
ProtonVPN.exe
\user.config
\Windows.txt
NAME:
TITLE:
\WorldWind.jpg
Directory not exists
DRIVE-
Downloads
USERPROFILE
Dropbox
OneDrive
Grabber
DropBox
\Process.txt
SELECT ExecutablePath, ProcessID FROM Win32_Process
ProcessID
ExecutablePath
BCDFGHJKMPQRTVWXY2346789
SOFTWARE\Microsoft\Windows NT\CurrentVersion
DigitalProductId
Failed to get DigitalProductId from registry
SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
GetConnectedCamerasCount : Query failed
WebCap
\Webcam.jpg
/C chcp 65001 && netsh wlan show profile | findstr All
/C chcp 65001 && netsh wlan show profile name="
" key=clear | findstr Key
/C chcp 65001 && netsh wlan show networks mode=bssid
\ScanningNetworks.txt
PROFILE:
PASSWORD:
\SavedNetworks.txt
\tokens.txt
Authorization
Unauthorized
Token is valid
Token is invalid
Connection error
[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}|mfa\.[a-zA-Z0-9_\-]{84}
Discord\Local Storage\leveldb
Discord PTB\Local Storage\leveldb
Discord Canary\leveldb
Protocol:
Login:
Password:
.purple\accounts.xml
\Telegram Desktop\tdata
Telegram
usertag
settings
key_data
versions
bytes
\versions.txt
VERSION:
SIZE:
DATE:
\mods.txt
screenshots
\screenshots
\screenshots\
servers.dat
\servers.dat
launcher_profiles.json
\launcher_profiles.json
.minecraft
Software\Valve\Steam
SteamPath
Installed
Running
Updating
\Apps.txt
Application
GameID:
Installed:
Running:
Updating:
RememberPassword
Autologin User:
AutoLoginUser
Remember password:
\SteamInfo.txt
Ubisoft Game Launcher
Url: {0}
Username: {1}
Password: {2}
WorldWindStealer
Type: {0}
Number: {1}
Exp: {2}
Holder: {3}
### {0} ### ({1}) {2}
### {0} ### ({1})
### {0} ###
\InternetExplorer_Logs
\InternetExplorer_Logs\Passwords.txt
[ERROR] Unable to enumerate vaults. Error (0x
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
Unable to open the following vault:
. Error: 0x
[ERROR] Unable to enumerate vault items from the following vault:
. Error 0x
SchemaId
pResourceElement
pIdentityElement
pPackageSid
Error occured while retrieving vault item. Error: 0x
pAuthenticatorElement
\Profiles
\places.sqlite
\places.raw
moz_bookmarks
\cookies.sqlite
moz_cookies
\Bookmarks.txt
\Cookies.txt
\History.txt
\Profiles\
moz_places
logins.json
key3.db
key4.db
autofill
"bookmark_bar": {
"other": {
"name": "
"type": "url",
"url": "http
Failed to parse url
credit_cards
\Login Data
\Web Data
\Bookmarks
\Cookies
\History
\CreditCards.txt
\AutoFill.txt
\Passwords.txt
BCrypt.BCryptDecrypt() (get size) failed with status code: {0}
BCrypt.BCryptDecrypt(): authentication tag mismatch
BCrypt.BCryptDecrypt() failed with status code:{0}
BCrypt.BCryptOpenAlgorithmProvider() failed with status code:{0}
BCrypt.BCryptSetAlgorithmProperty(BCrypt.BCRYPT_CHAINING_MODE, BCrypt.BCRYPT_CHAIN_MODE_GCM) failed with status code:{0}
BCrypt.BCryptImportKey() failed with status code:{0}
BCrypt.BCryptGetProperty() (get size) failed with status code:{0}
BCrypt.BCryptGetProperty() failed with status code:{0}
Antivirus Signature
Bkav W32.AIDetectMalware.CS
Lionic Trojan.Win32.AsyncRAT.i!c
tehtris Clean
MicroWorld-eScan Gen:Variant.Jalapeno.1652
CMC Clean
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
Skyhigh BehavesLike.Win32.Generic.cm
ALYac Gen:Variant.Jalapeno.1652
Cylance Unsafe
Zillya Trojan.Agent.Win32.2981387
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0059277e1 )
Alibaba Backdoor:MSIL/AsyncRat.652903db
K7GW Trojan ( 0059277e1 )
Cybereason malicious.78f768
huorong TrojanSpy/MSIL.PwStealer.r
Baidu Clean
VirIT Trojan.Win32.GenusT.DTXQ
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
Elastic Windows.Generic.Threat
ESET-NOD32 a variant of MSIL/Agent.DWJ
APEX Malicious
Avast Win32:KeyloggerX-gen [Trj]
Cynet Clean
Kaspersky HEUR:Trojan-PSW.MSIL.Stealer.gen
BitDefender Gen:Variant.Jalapeno.1652
NANO-Antivirus Trojan.Win32.Stealer.kbmvdo
ViRobot Clean
Tencent Malware.Win32.Gencirc.10bc9d0e
TACHYON Backdoor/W32.DN-Crysan.179200
Sophos Mal/AsyncRat-C
F-Secure Heuristic.HEUR/AGEN.1365342
DrWeb Trojan.PWS.Stealer.39534
VIPRE Gen:Variant.Jalapeno.1652
McAfeeD Real Protect-LS!F93A30378F76
Trapmine Clean
FireEye Generic.mg.f93a30378f7682e1
Emsisoft Gen:Variant.Jalapeno.1652 (B)
Ikarus Win32.Outbreak
GData MSIL.Backdoor.DCRat.D
Jiangmin Trojan.MSIL.amfgq
Webroot Clean
Varist W32/MSIL_Agent.BTI.gen!Eldorado
Avira HEUR/AGEN.1365342
Antiy-AVL Trojan[Backdoor]/MSIL.Crysan
Kingsoft MSIL.Trojan-PSW.Stealer.gen
Gridinsoft Trojan.Win32.Agent.sa
Xcitium Clean
Arcabit Trojan.Jalapeno.D674
SUPERAntiSpyware Trojan.Agent/Gen-Crypt
ZoneAlarm HEUR:Trojan-PSW.MSIL.Stealer.gen
Microsoft Backdoor:MSIL/AsyncRat!atmn
Google Detected
AhnLab-V3 Backdoor/Win.AsyncRAT.C4932402
Acronis Clean
McAfee FE_Trojan_MSIL_Generic_257
MAX malware (ai score=83)
VBA32 Trojan.MSIL.InfoStealer.gen.D
Malwarebytes Generic.Malware.AI.DDS
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Stealer.Agent!1.D483 (CLASSIC)
Yandex Trojan.Agent!IaVjqYXjrFY
SentinelOne Static AI - Malicious PE
Fortinet MSIL/Agent.CFW!tr
BitDefenderTheta Gen:NN.ZemsilF.36812.km0@a4dXiEh
AVG Win32:KeyloggerX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud Backdoor:MSIL/AsyncRAT.Stub.GG!MTB
No IRMA results available.