Functionality (recursion of browsers and wallet.dat is performed in %localappdata%, %appdata%, selection of the type of cookie storage in the admin panel):
Collection of passwords, autofill forms, cookies, masked CC from almost all Chromium-Based browsers. Implemented by recursion.
Collecting passwords, forms, auto-complete, cookies from almost all Mozilla-Based browsers. Also recursion, since my software works directly with key3.db (I will add key4.db soon), it does not need the registry, so the possibility of recursion appears. Thunderbird refers to the same list.
Collects Internet Explorer passwords (versions 6-11).
Collection of jabber: psi, psi+, pidgin
Collection of data from the credentials records: outlook, rdp
Collection of crypto wallets: wallet.dat recursion, besides this: namecoin, monero, bytecoin, electrum, ethereum
Collects Skype correspondence. Format: [Time] sender (recipient): message
Collects Telegram session
Collects Discord session
Collects Battle.Net session
Collects Steam: ssfn, config.vdf, loginusers.vdf
Collects ftp: FileZilla, WinSCP, TotalCommander, WsFtp
Collects wininet cookies in netscape format.
Makes a screenshot of the screen in .png format.
There is a file grabber: I include it in my build, it collects from the workstation (I can set up convenient folders). In the near future, a choice will be added to the admin panel.
Collects information about the system: screen resolution, keyboard layouts, video cards, name and number of processor cores, the current LOCAL time and time zone, OS version including OS edition, amount of RAM, IP.
Loader: after sending the report, the file is downloaded into memory, then there are several options. If the resident checkbox was selected in the admin, the file is written to temp, and the path to the file in the PEB is changed so that your software can be installed by copying itself where it needs to. If the file is x86, it is loaded with loadpe in the current process; if it is x64 and the OS is x64, cmd.exe is run and the file is injected there using wow64ext.
Self-removal after execution.
Firewall traversal based on the Internet Explorer COM interface. Since there is the slightest chance that the interface will not work, wininet will be used as a fallback.
AV Scan here
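
A defender's view of the sweep advertised above, as an added example that is not part of the original post: one process opening several unrelated credential stores (key3.db, wallet.dat, Steam files) in a short burst is a strong detection signal. The event tuple layout, the owner allowlist, the 60-second window and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime, timedelta

# File names taken from the feature list above, grouped by credential store.
ARTIFACTS = {
    "mozilla_keystore": re.compile(r"^key[34]\.db$", re.I),
    "wallet": re.compile(r"^wallet\.dat$", re.I),
    "steam": re.compile(r"^(ssfn\d*|config\.vdf|loginusers\.vdf)$", re.I),
}
# Assumption: the only processes expected to open each store on this fleet.
OWNERS = {
    "mozilla_keystore": {"firefox.exe", "thunderbird.exe"},
    "wallet": {"bitcoin-qt.exe"},
    "steam": {"steam.exe"},
}

def classify(path):
    name = ntpath.basename(path)  # parses Windows paths on any platform
    return next((s for s, rx in ARTIFACTS.items() if rx.match(name)), None)

def find_sweeps(events, window=timedelta(seconds=60), min_stores=2):
    """Return {(host, pid, exe): [stores]} for non-owners opening several stores."""
    hits = defaultdict(list)
    for ts, host, pid, image, path in events:
        store, exe = classify(path), ntpath.basename(image).lower()
        if store and exe not in OWNERS[store]:
            hits[(host, pid, exe)].append((datetime.fromisoformat(ts), store))
    alerts = {}
    for key, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            # Distinct stores opened within one window starting at this event.
            stores = {s for t, s in seen[i:] if t - start <= window}
            if len(stores) >= min_stores:
                alerts[key] = sorted(stores)
                break
    return alerts

# Constructed sample events: (time, host, pid, process image, file opened).
KEY3 = r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\key3.db"
WALLET = r"C:\Users\a\AppData\Roaming\Bitcoin\wallet.dat"
UPD = r"C:\Users\a\AppData\Local\Temp\upd.exe"
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "ws1", 4321, UPD, KEY3),
    ("2024-01-01T10:00:02", "ws1", 4321, UPD, WALLET),
    ("2024-01-01T10:00:03", "ws1", 4321, UPD, r"C:\Program Files (x86)\Steam\config\loginusers.vdf"),
    ("2024-01-01T10:05:00", "ws1", 900, r"C:\Program Files\Mozilla Firefox\firefox.exe", KEY3),
    ("2024-01-01T11:00:00", "ws1", 777, r"C:\Tools\backup.exe", WALLET),
]
```

Calling `find_sweeps(SAMPLE_EVENTS)` flags only the process that touched three stores; the browser reading its own key database and the single-store backup tool are not reported.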