A Trend Micro research paper reveals the operations and cybercriminals behind Predator Pain and Limitless Keylogger, malware toolkits that are easily obtained from underground forums. Predator Pain is a premium keylogger used by cybercriminals and hackers to steal keystrokes from unaware victims. MalwareConfig has analyzed the Predator Pain (Predator 13) keylogger and published various PredatorPain samples that can be used for analysis. HawkEye is yet another off-the-shelf crimeware with close ties to Predator Pain and Limitless, keyloggers used in campaigns that also targeted SMBs in 2014. It is described in "Piercing the HawkEye: Nigerian Cybercriminals Use a Simple Keylogger to Prey on SMBs Worldwide."

  1. Predator Pain Keylogger - Partial Dump Of Strings In Memory
  2. http://stopmalvertising.com/malware-reports/analysis-of-the-predator-pain-keylogger.html