Thursday, November 1, 2018

2018-11-01 lokibot publicspeaking.co.id

https://pastebin.com/raw/znU7mXSV

https://twitter.com/ps66uk/status/1058019904627073024
#lokibot
found by @ps66uk
https://app.any.run/tasks/3fad920f-ae45-4d90-96b3-d1d7d4f4d5a1



Interesting in-memory strings:

0x4a0074 (53): https://publicspeaking.co.id/okoye/Panel/five/fre.php
0x569450 (106): C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

0x415414 (14): password_value
0x415424 (14): username_value
0x415434 (10): origin_url
0x415448 (68): %s\%s\User Data\Default\Login Data
0x415490 (64): %s\%s\User Data\Default\Web Data
0x4154d4 (30): %s%s\Login Data
0x4154f4 (46): %s%s\Default\Login Data
0x415524 (26): Comodo\Dragon
0x415540 (44): MapleStudio\ChromePlus
0x415570 (26): Google\Chrome
0x4155d4 (26): Titan Browser
0x4155fc (40): Yandex\YandexBrowser
0x415628 (40): Epic Privacy Browser
0x415654 (28): CocCoc\Browser
0x415684 (30): Comodo\Chromodo
0x4156b8 (26): Coowon\Coowon
0x4156d4 (30): Mustang Browser
0x4156f4 (36): 360Browser\Browser
0x41571c (40): CatalinaGroup\Citrio
0x415748 (34): Google\Chrome SxS
0x41578c (44): \Opera\Opera Next\data
0x4157bc (56): \Opera Software\Opera Stable
0x4157f8 (102): \Fenrir Inc\Sleipnir\setting\modules\ChromiumViewer
0x415860 (104): \Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
0x4158cc (24): vaultcli.dll
0x4158e8 (19): VaultEnumerateItems
0x4158fc (20): VaultEnumerateVaults
0x415920 (12): VaultGetItem
0x415930 (14): VaultOpenVault
0x415940 (15): VaultCloseVault
0x415950 (116): Software\Microsoft\Internet Explorer\IntelliForms\Storage2
0x4159f0 (92): Software\Microsoft\Internet Explorer\TypedURLs
0x415a58 (84): SELECT encryptedUsername, encryptedPassword, formSubmitURL, hostname FROM moz_logins
0x415acc (17): encryptedUsername
0x415ae0 (17): encryptedPassword
0x415af4 (28): %s\logins.json
0x415b14 (22): %s\prefs.js
0x415b2c (34): %s\signons.sqlite
0x415b50 (22): signons.txt
0x415b68 (24): signons2.txt
0x415b84 (24): signons3.txt
0x415ba0 (62): %s\Mozilla\Firefox\profiles.ini
0x415be0 (60): %s\Mozilla\Firefox\Profiles\%s
0x415c20 (66): %s\Mozilla\SeaMonkey\profiles.ini
0x415c68 (64): %s\Mozilla\SeaMonkey\Profiles\%s
0x415cac (58): %s\Flock\Browser\profiles.ini
0x415ce8 (56): %s\Flock\Browser\Profiles\%s
0x415d24 (54): %s\Thunderbird\profiles.ini
0x415d5c (52): %s\Thunderbird\Profiles\%s
0x415d94 (48): %s\K-Meleon\profiles.ini
0x415dc8 (28): %s\K-Meleon\%s
0x415de8 (64): %s\Comodo\IceDragon\profiles.ini
0x415e30 (62): %s\Comodo\IceDragon\Profiles\%s
0x415e70 (92): %s\NETGATE Technologies\BlackHawk\profiles.ini
0x415ed0 (90): %s\NETGATE Technologies\BlackHawk\Profiles\%s
0x415f2c (46): %s\Postbox\profiles.ini
0x415f5c (44): %s\Postbox\Profiles\%s
0x415f90 (74): %s\8pecxstudios\Cyberfox\profiles.ini
0x415fe0 (72): %s\8pecxstudios\Cyberfox\Profiles\%s
0x416030 (94): %s\Moonchild Productions\Pale Moon\profiles.ini
0x416090 (92): %s\Moonchild Productions\Pale Moon\Profiles\%s
0x4160f0 (50): %s\FossaMail\profiles.ini
0x416124 (48): %s\FossaMail\Profiles\%s
0x416158 (150): %s\Lunascape\Lunascape6\plugins\{9BDD5314-20A6-4d98-AB30-8325A95771EE}\data
0x416234 (22): %s\nss3.dll
0x416258 (12): NSS_Shutdown
0x416268 (23): PK11_GetInternalKeySlot
0x416280 (13): PK11_FreeSlot
0x416290 (17): PK11_Authenticate
0x4162a4 (15): PK11SDR_Decrypt
0x4162b4 (22): PK11_CheckUserPassword
0x4162cc (16): SECITEM_FreeItem
0x4162e0 (22): sqlite3.dll
0x4162f8 (28): mozsqlite3.dll
0x41632c (16): sqlite3_finalize
0x416340 (12): sqlite3_step
0x416350 (13): sqlite3_close
0x416360 (19): sqlite3_column_text
0x416374 (14): sqlite3_open16
0x416384 (18): sqlite3_prepare_v2
0x416398 (15): sqlite3_prepare
0x4163a8 (28): CurrentVersion
0x4163c8 (64): SOFTWARE\Mozilla\Mozilla Firefox
0x416414 (20): %s\%s\Main
0x41642c (34): Install Directory
0x416468 (72): SOFTWARE\Mozilla\Mozilla Thunderbird
0x4164b4 (52): SOFTWARE\Mozilla\FossaMail
0x4164ec (48): SOFTWARE\Postbox\Postbox
0x416520 (44): SOFTWARE\Mozilla\Flock
0x416550 (40): SOFTWARE\Flock\Flock
0x416588 (28): %ProgramW6432%
0x4165a8 (42): %s\NETGATE\Black Hawk
0x4165d4 (52): SOFTWARE\Mozilla\Pale Moon
0x416610 (140): %s\Lunascape\Lunascape6\plugins\{9BDD5314-20A6-4d98-AB30-8325A95771EE}
0x4166a0 (34): SOFTWARE\K-Meleon
0x4166d8 (72): SOFTWARE\ComodoGroup\IceDragon\Setup
0x416738 (64): SOFTWARE\8pecxstudios\Cyberfox86
0x41677c (60): SOFTWARE\8pecxstudios\Cyberfox
0x4167bc (60): SOFTWARE\mozilla.org\SeaMonkey
0x4167fc (38): %s\Mozilla\Profiles
0x41682c (52): SOFTWARE\Mozilla\SeaMonkey
0x416864 (50): SOFTWARE\Mozilla\Waterfox
0x4168b0 (22): firefox.exe

0x416a38 (108): Software\QtWeb.NET\QtWeb Internet Browser\AutoComplete
0x416aa8 (84): %s\QupZilla\profiles\default\browsedata.db
0x416b2c (20): InstallDir
0x416b48 (72): SOFTWARE\Apple Computer, Inc.\Safari
0x416b98 (88): %s\Apple Computer\Preferences\keychain.plist
0x416bf8 (78): %s\Apple Application Support\plutil.exe
0x416c54 (54): -convert xml1 -s -o %s "%s"
0x416c8c (56): %s\Data\AccCfg\Accounts.tdat
0x416cc8 (20): %s\Storage
0x416ce0 (24): Account.rec0
0x416cfc (30): %s\Foxmail\mail
0x416d28 (26): %SYSTEMDRIVE%
0x416d58 (24): EmailAddress
0x416d74 (20): Technology
0x416db0 (20): PopAccount
0x416dc8 (22): PopPassword
0x416de0 (20): SmtpServer
0x416e0c (22): SmtpAccount
0x416e24 (24): SmtpPassword
0x416e40 (62): Software\IncrediMail\Identities
0x416ea4 (20): POP3Server
0x416edc (36): SMTP Email Address
0x416f04 (22): SMTP Server
0x416f1c (28): SMTP User Name
0x416f50 (22): POP3 Server
0x416f68 (28): POP3 User Name
0x416f9c (36): NNTP Email Address
0x416fc4 (28): NNTP User Name
0x416fe4 (22): NNTP Server
0x416ffc (22): IMAP Server
0x417014 (28): IMAP User Name
0x41705c (30): HTTP Server URL
0x41707c (36): HTTPMail User Name
0x4170a4 (30): HTTPMail Server
0x417100 (28): POP3 Password2
0x417120 (28): IMAP Password2
0x417140 (28): NNTP Password2
0x417160 (36): HTTPMail Password2
0x417188 (28): SMTP Password2
0x4171a8 (26): POP3 Password
0x4171c4 (26): IMAP Password
0x4171e0 (26): NNTP Password
0x4171fc (26): HTTP Password
0x417218 (26): SMTP Password
0x417238 (178): Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
0x4172f0 (110): Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
0x417360 (110): Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
0x4173d0 (30): %s\32BitFtp.TMP
0x4173f0 (30): %s\32BitFtp.ini
0x417410 (54): %s\Estsoft\ALFTP\ESTdb2.dat
0x417448 (22): %s\site.xml
0x417460 (46): %s\BitKinex\bitkinex.ds
0x4174ac (30): LastUsedProfile
0x4174cc (56): Software\Bitvise\BvSshClient
0x417508 (40): %s\BlazeFtp\site.dat
0x417538 (72): Software\FlashPeak\BlazeFtp\Settings
0x417584 (24): LastPassword
0x4175b4 (22): LastAddress
0x417618 (88): Software\NCH Software\ClassicFTP\FTPAccounts
0x417694 (24): %s\Cyberduck
0x4176b0 (22): user.config
0x4176c8 (30): %s\iterate_GmbH
0x4176e8 (30): %s\EasyFTP\data
0x417730 (26): %s\ExpanDrive
0x41774c (26): *favorites.js
0x4177a8 (60): Software\Far\Plugins\FTP\Hosts
0x4177e8 (62): Software\Far2\Plugins\FTP\Hosts
0x417828 (148): %s\Far Manager\Profile\PluginsData\42E4AEB1-A230-44F4-B33C-F195BB654931.db
0x4178c0 (52): %s\FileZilla\Filezilla.xml
0x4178f8 (52): %s\FileZilla\filezilla.xml
0x417930 (60): %s\FileZilla\recentservers.xml
0x417970 (56): %s\FileZilla\sitemanager.xml
0x4179ac (22): %s\FlashFXP
0x4179c4 (20): *Sites.dat
0x4179dc (20): *quick.dat
0x417a08 (22): FtpUserName
0x417a20 (22): FtpPassword
0x417a38 (24): _FtpPassword
0x417a58 (72): Software\NCH Software\Fling\Accounts
0x417aa8 (78): %s\FreshWebmaster\FreshFTP\FtpSites.SMF
0x417af8 (46): %s\FTPBox\profiles.conf
0x417b28 (64): %s\FTPGetter\Profile\servers.xml
0x417b6c (48): %s\FTPGetter\servers.xml
0x417ba0 (50): %s\FTPInfo\ServerList.xml
0x417bd4 (50): %s\FTPInfo\ServerList.cfg
0x417c08 (56): %s\FTP Navigator\Ftplist.txt
0x417c44 (40): %s\FTP Now\sites.xml
0x417c70 (48): %s\FTPShell\ftpshell.fsi
0x417ca8 (64): %s\.config\fullsync\profiles.xml
0x417cec (44): %s\DeluxeFTP\sites.xml
0x417d20 (66): %s\GoFTP\settings\Connections.txt
0x417d98 (36): %s\%s%i\encPwd.jsd
0x417dc0 (78): %s\%s%i\data\settings\sshProfiles-j.jsd
0x417e10 (78): %s\%s%i\data\settings\ftpProfiles-j.jsd
0x417e84 (60): Software\LinasFTP\Site Manager
0x417ec4 (52): %s\oZone3D\MyFTP\myftp.ini
0x417efc (46): %s\NetDrive\NDSites.ini
0x417f2c (46): %s\NetDrive2\drives.dat
0x417f60 (64): %s\Fastream NETFile\My FTP Links
0x417fa8 (66): %s\NexusFile\userdata\ftpsite.ini
0x417fec (48): %s\NexusFile\ftpsite.ini
0x418020 (64): %s\INSoftware\NovaFTP\NovaFTP.db
0x418068 (90): %s\Notepad++\plugins\config\NppFTP\NppFTP.xml
0x4180c8 (78): %s\Odin Secure FTP Expert\QFDefault.QFQ
0x418118 (76): %s\Odin Secure FTP Expert\SiteInfo.QFP
0x418168 (26): PublicKeyFile
0x418184 (24): TerminalType
0x4181a0 (20): PortNumber
0x4181b8 (64): Software\9bis.com\KiTTY\Sessions
0x418200 (70): Software\SimonTatham\PuTTY\Sessions
0x418264 (20): lsasrv.dll
0x41827c (22): LsaICryptUnprotectData
0x4182b0 (48): %s\Microsoft\Credentials
0x4182e4 (22): Config Path
0x4182fc (50): Software\VanDyke\SecureFX
0x418330 (22): %s\Sessions
0x418378 (30): %s\SftpNetDrive
0x4183a8 (84): %s\Sherrod Computers\sherrod FTP\favorites
0x418400 (52): #document.favoriteManager*
0x418438 (22): %s\SmartFTP
0x418460 (44): %s\Staff-FTP\sites.ini
0x418490 (44): %s\Steed\bookmarks.txt
0x4184c0 (26): %s\SuperPutty
0x418548 (20): {.:CRED:.}
0x418594 (24): %s\Syncovery
0x4185b0 (26): Syncovery.ini
0x4185cc (28): %s\wcx_ftp.ini
0x4185ec (44): %s\GHISLER\wcx_ftp.ini
0x41861c (20): FtpIniName
0x418638 (64): Software\Ghisler\Total Commander
0x41867c (42): %s\UltraFXP\sites.xml
0x4186a8 (60): %s\WinFtp Client\Favorites.dat
0x4186e8 (20): FSProtocol
0x418700 (46): Software\Martin Prikryl
0x418730 (40): %s\WS_FTP\WS_FTP.INI
0x41875c (26): %s\WS_FTP.INI
0x418778 (22): %s\Ipswitch
0x418790 (20): ws_ftp.ini
0x4187a8 (52): %s\NetSarang\Xftp\Sessions
0x4187f0 (33): MAC=%02X%02X%02XINSTALL=%08X%08Xk
0x418874 (24): %s\%s\%s.exe
