Concrete signature match: Trojan (appears legitimate but performs malicious actions) for the .NET (Microsoft Intermediate Language) platform, family Keylogger
This is a concrete detection of a keylogger written in MSIL. It is designed to capture keystrokes and to communicate with a command-and-control (C2) server for data exfiltration or update downloads, and it can be distributed through social engineering lures, often posing as screensavers or cracked software.
Relevant strings associated with this threat:
- Software\microsoft\windows\currentversion\uninstall\Spy Lantern Keylogger (REGKEY)
- rkfree.exe (PEHSTR_EXT)
- \rvlkl (FOLDERNAME)
- By Demon Keylogger 1.0 (PEHSTR)
- EngineAP.dll (PEHSTR)
- \Release\SSEngine.pdb (PEHSTR)
- AntivirusPro\SSEngine\Release (PEHSTR)
- d_REGBACKUP.sbk (PEHSTR)
- Engine.dat file does not exist (PEHSTR)
- Software\AntivirusPro (PEHSTR)
- antivirus-pro-site.com (PEHSTR)
- C:\SSEngine.dll (PEHSTR)
- !Repair process has been completed (PEHSTR)
- RAdwarePro\NewEngine\Rebrands\AntivirusDoktor\Bin\release\Antivirus Doktor 2009.pdb (PEHSTR)
- Software\AntivirusDoktorNE (PEHSTR)
- AntiMalware_Pro.exe (PEHSTR)
- Keyloggers (PEHSTR)
- AntiMalware_Pro.pdb (PEHSTR)
- //join1.php (PEHSTR)
- latestversion/123.exe (PEHSTR)
- latestversion/AntiMalwarePro.exe (PEHSTR_EXT)
- Anti-Virus-Pro.install (PEHSTR_EXT)
- Anti-Virus-Pro successfully instaled. (PEHSTR_EXT)
- EngineAP.dll (PEHSTR_EXT)
- Senzala Keylogger (PEHSTR)
- Windows Media Player\skype.exe (PEHSTR)
- smtp.mail.yahoo.com.br (PEHSTR)
- @hotmail.com (PEHSTR)
- Free Quick Keylogger (PEHSTR_EXT)
- quick_engine.exe (PEHSTR_EXT)
- qk_user_guide.htm (PEHSTR_EXT)
- QuickAppInit.dll (PEHSTR_EXT)
- Free Quick Keylogger Log.htm (PEHSTR_EXT)
- widestep.com (PEHSTR_EXT)
- Free Quick Keylogger is already running. (PEHSTR_EXT)
- Thank you for choosing Free Quick Keylogger (PEHSTR_EXT)
- HW_GETMESSAGE hook uninstallation successful. (PEHSTR_EXT)
- quicklogs.bin (PEHSTR_EXT)
- quick.jrn (PEHSTR_EXT)
- one instance of the Free Quick Keylogger can be launched (PEHSTR_EXT)
- while switching to invisible mode. (PEHSTR_EXT)
- QuickKeyloggerClass (PEHSTR_EXT)
- Now, please, launch the Keylogger for the first time. (PEHSTR_EXT)
- @Keylogger installation complete. (PEHSTR_EXT)
- ulklfemon.dll (PEHSTR)
- \SilentKey (PEHSTR)
- ukfree.cfg (PEHSTR)
- KLKlMon.dll (PEHSTR_EXT)
- evaluation copy of Ultimate Keylogger has EXPIRED! (PEHSTR_EXT)
- contact support@ultimatekeylogger.com (PEHSTR_EXT)
- include your License Key in ukl.ini file. (PEHSTR_EXT)
- passwords you typed do not mutch. (PEHSTR_EXT)
- KRyLack Keylogger (PEHSTR_EXT)
- \uklpr (FOLDERNAME)
- WinCbt.dll (PEHSTR_EXT)
- \WinCbt\Release\WinCbt.pdb (PEHSTR_EXT)
- KbdHook.dll (PEHSTR_EXT)
- www.1-spy.com (PEHSTR_EXT)
- KeyloggerReport (PEHSTR_EXT)
- Shadow_Keylogger.Resources (PEHSTR_EXT)
- KeyloggerOnline.com (PEHSTR_EXT)
- Disabled Keylogger! (PEHSTR_EXT)
- Global\tm- (PEHSTR_EXT)
- Keylogger v23 (PEHSTR_EXT)
- Keylogger Deactivated! (PEHSTR_EXT)
- Deactivated Keylogger! (PEHSTR_EXT)
- \sessionstore.js (PEHSTR_EXT)
- /Silent /NoIcon (PEHSTR)
- \ProKAward (FOLDERNAME)
- \kl.exe (PEHSTR_EXT)
- /Silent /NoIcon (PEHSTR_EXT)
- logSystem.txt (PEHSTR_EXT)
- log.dic (PEHSTR_EXT)
- \tasks\index.dat (PEHSTR)
- \CurrentVersion\Run (PEHSTR)
- Keylogger_TheBestKeylogger (PEHSTR_EXT)
- TakeScreenshotonMouseClick (PEHSTR_EXT)
- FTPSendScreenshot (PEHSTR_EXT)
- RegisterFKL.resources (PEHSTR_EXT)
- chkEnableScreenshots (PEHSTR_EXT)
- chkDonotUsbScreen (PEHSTR_EXT)
- chkDonotEmailScreen (PEHSTR_EXT)
- chkDonotFtpScreen (PEHSTR_EXT)
- chkDonotNetworkScreen (PEHSTR_EXT)
- Jvm@/ (SNID)
- SOFTWARE\Borland\Delphi\RTL (PEHSTR)
- Mpk.dll (PEHSTR_EXT)
- Mpki.dll (PEHSTR_EXT)
- WM_GETWNDDLL (PEHSTR_EXT)
- www.refog.com/unins (PEHSTR_EXT)
- mpkview.exe (PEHSTR_EXT)
- SOFTWARE\Refog Software (PEHSTR_EXT)
- {commonappdata}\MPK (PEHSTR_EXT)
- Please use Employee Monitor or Terminal Monitor version. (PEHSTR_EXT)
- KGB Spy Home.lnk (PEHSTR_EXT)
- REFOG Keylogger.lnk (PEHSTR_EXT)
- http://www.refog.com (PEHSTR_EXT)
- MPK.dll (PEHSTR_EXT)
- MPK64.dll (PEHSTR_EXT)
- MPKView.exe_MAIN (PEHSTR_EXT)
- /keylogger/upgrade_to_spy.html (PEHSTR_EXT)
- /files/keyspectpro.exe (PEHSTR_EXT)
- /updates/integrity/ (PEHSTR_EXT)
- REFOG Free Keylogger (PEHSTR_EXT)
- MpkNetInstall.exe - application installer (PEHSTR_EXT)
- Pz:\Projects\ReleaseRepository\MonitorProject\Delphi\Distr\RefogMonitor\Mpk64.pdb (PEHSTR)
- Mpk64.dll (PEHSTR_EXT)
- TongKeyLogger (PEHSTR_EXT)
- Software\Microsoft\Windows\CurrentVersion\Run (PEHSTR_EXT)
- Status: Mail sent success. (PEHSTR_EXT)
- {Print Screen} (PEHSTR_EXT)
- {Scroll Lock} (PEHSTR_EXT)
- Aaron Keylogger (PEHSTR_EXT)
- http://remote-keylogger.net (PEHSTR_EXT)
- http://refud.me/scan.php (PEHSTR_EXT)
- http://everbot.pl/cs/reg.php?id= (PEHSTR_EXT)
- c:\users\Public\MicTray.log (FILEPATH)
- \UltraNic\UltraNic\ (PEHSTR_EXT)
- /log.txt (PEHSTR_EXT)
- cmd.exe /c ping 0 -n (PEHSTR_EXT)
- !#HSTR:StringCodeForMshta.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.C!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.D!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.L!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.O!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRegsvr32.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRundll32.A!pli (PEHSTR_EXT)
- rundll32 (PEHSTR_EXT)
- !#HSTR:StringCodeForBITSJobs.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForPowerShell.G!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForScheduledTask.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForDataEncoding.D!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.J!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.K!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRemoteFileCopy.B!pli (PEHSTR_EXT)
- !#HSTR:ExecutionGuardrails (PEHSTR_EXT)
- !#HSTR:StringCodeForFileDeletion.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForHooking.M!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForNetshHelperDLL.A!pli (PEHSTR_EXT)
- !#HSTR:StringCodeForRemoteServices.A!pli (PEHSTR_EXT)

d9830213d3d73a30020a30bbc409efc55992cd8618ed305e87f0bc3e2a10a7f2

Immediately isolate the infected system from the network. Perform a full system scan with updated antivirus software, then change all potentially compromised passwords (email, banking, social media, network credentials) after the system is confirmed clean. Enhance user education on phishing and social engineering tactics.