gadivit437


  1. If I run the virus again and make the executable send my Loki key, will that work or not?
  2. Hi, I have work to retrieve everything, so I have decompiled the virus (hard work to decompile) and checked what it does: it creates and stores HKEY_CURRENT_USER\Software\Loki --> Public and Full; Full is the private and public key, and it is stored here. After it finishes encrypting, it removes the Full key. Is there a method to retrieve a deleted registry file? If I find this solution I can help more people who have this virus to decode their files :-) Regards
  3. Hi there, today I have a client who has all files encoded, and I have decided to analyze the virus: Encrypted by Loki locker. Reg file: SOFTWARE\Loki. Public domain loki-locker.one, where Cpriv.Loki is stored. And this is the public key. winlogon.exe dump file https://dropmefiles.com/V4dCw winlogon.exe dump file https://dropmefiles.com/FWhEg --> Virus. I'm sure that when the virus runs, the first thing the process does is create the file config.Loki. Cpriv.Loki --> Private key; how to retrieve this? Is there any solution to decrypt for all this f**ked malware? gadvit. I have tried to decrypt but no success; any solution?
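
An added triage sketch, not part of the original posts and not code from the malware or from any decryptor: it assumes the `Public` and `Full` values under `Software\Loki` hold .NET `RSAKeyValue` XML, and checks whether an exported or recovered value still carries private components (`D`, `P`, `Q`) that match its modulus. The function names and the sample keys are hypothetical and constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET


def _b64_to_int(text):
    # .NET stores each RSA parameter as big-endian bytes in base64.
    return int.from_bytes(base64.b64decode("".join(text.split())), "big")


def triage_rsa_key_values(blob):
    """Classify every <RSAKeyValue> in a blob that may hold several elements
    concatenated with no single root, as a raw registry export can."""
    root = ET.fromstring("<keys>" + blob.strip() + "</keys>")  # synthetic root
    report = []
    for key in root.iter("RSAKeyValue"):
        fields = {c.tag: _b64_to_int(c.text or "") for c in key}
        if "Modulus" not in fields or "Exponent" not in fields:
            report.append({"kind": "malformed"})
            continue
        n = fields["Modulus"]
        has_private = all(f in fields for f in ("D", "P", "Q"))
        entry = {
            "kind": "full" if has_private else "public-only",
            "bits": n.bit_length(),
            "exponent": fields["Exponent"],
        }
        if has_private:
            # A usable key pair must satisfy P * Q == Modulus.
            entry["consistent"] = fields["P"] * fields["Q"] == n
        report.append(entry)
    return report


def _xml(**nums):
    """Build a constructed RSAKeyValue element from small integers."""
    def enc(v):
        return base64.b64encode(v.to_bytes((v.bit_length() + 7) // 8, "big")).decode()
    body = "".join(f"<{k}>{enc(v)}</{k}>" for k, v in nums.items())
    return "<RSAKeyValue>" + body + "</RSAKeyValue>"


# Constructed toy keys (p=61, q=53, n=3233, e=17, d=2753); not real key material.
SAMPLE = _xml(Modulus=3233, Exponent=17) + _xml(Modulus=3233, Exponent=17, P=61, Q=53, D=2753)

if __name__ == "__main__":
    for item in triage_rsa_key_values(SAMPLE):
        print(item)
```

A `public-only` result means the value cannot decrypt anything by itself; only a `full` entry whose `consistent` flag is true is worth preserving as potential recovery material.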