e3e75e15fd7f6a8233e33c8a8e127cee36706025451644cf8618a0876fd0e95f.bin

Target

Size

57KB

Sample

201109-nm293s1n1s

Score

10 ^/10

MD5

997f0ec7fcfa440d58443922651a2b0a

SHA1

6bd08ea17de7987451757b549984a443cf08b401

SHA256

e3e75e15fd7f6a8233e33c8a8e127cee36706025451644cf8618a0876fd0e95f

SHA512

c80320dc518936d88e283dc27a5cab5575d12f6c14af994ec79730aed31c61f89e631db1e04673a0dfa0ef8e56fd1ad4029def2210c3e0a3348c44cc6df11c1f

Extracted

Path	C:\ProgramData\Microsoft\MF\F859A1-Readme.txt
Family	netwalker
Ransom Note	Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .f859a1 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_f859a1: U2wT2FxHbYnBsp9clCydICOMz0xHS9y9qxbwYTxSyUWHonPfMF 0JShF/VkyMO/vileP9Apd62n4brPnmwJQ/d/BaRVzkudYYQNnK oGuxqQefyAbdy1fIdlcNPaB7OcJJCHbVR7XqhD3SsjMRujUj3+ 42tCAnf8VScRw+fe5U2o2Et9sx/8+akPwc+qDQQVfZjUvbyYZJ IICir+oEIXTjFRoRqvZaOUA4GBWaH05Yy+nHnR2ct2xbezvCdu um9sUTOR9yaJM5K9VRwGS0o5+0XxQDHicS9xAGQg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Users\Admin\Desktop\F859A1-Readme.txt
Family	netwalker
Ransom Note	Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .f859a1 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_f859a1: U2wT2FxHbYnBsp9clCydICOMz0xHS9y9qxbwYTxSyUWHonPfMF 0JShF/VkyMO/vileP9Apd62n4brPnmwJQ/d/BaRVzkudYYQNnK oGuxqQefyAbdy1fIdlcNPaB7OcJJCHbVR7XqhD3SsjMRujUj3+ 42tCAnf8VScRw+fe5U2o2Et9sx/8+akPwc+qDQQVfZjUvbyYZJ IICir+oEIXTjFRoRqvZaOUA4GBWaH05Yy+nHnR2ct2xbezvCdu um9sUTOR9yaJM5K9VRwGS0o5+0XxQDHicS9xAGQg==}Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .f859a1 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_f859a1: U2wT2FxHbYnBsp9clCydICOMz0xHS9y9qxbwYTxSyUWHonPfMF 0JShF/VkyMO/vileP9Apd62n4brPnmwJQ/d/BaRVzkudYYQNnK oGuxqQefyAbdy1fIdlcNPaB7OcJJCHbVR7XqhD3SsjMRujUj3+ 42tCAnf8VScRw+fe5U2o2Et9sx/8+akPwc+qDQQVfZjUvbyYZJ IICir+oEIXTjFRoRqvZaOUA4GBWaH05Yy+nHnR2ct2xbezvCdu um9sUTOR9yaJM5K9VRwGS0o5+0XxQDHicS9xAGQg==}Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .f859a1 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_f859a1: U2wT2FxHbYnBsp9clCydICOMz0xHS9y9qxbwYTxSyUWHonPfMF 0JShF/VkyMO/vileP9Apd62n4brPnmwJQ/d/BaRVzkudYYQNnK oGuxqQefyAbdy1fIdlcNPaB7OcJJCHbVR7XqhD3SsjMRujUj3+ 42tCAnf8VScRw+fe5U2o2Et9sx/8+akPwc+qDQQVfZjUvbyYZJ IICir+oEIXTjFRoRqvZaOUA4GBWaH05Yy+nHnR2ct2xbezvCdu um9sUTOR9yaJM5K9VRwGS0o5+0XxQDHicS9xAGQg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\STS2\F859A1-Readme.txt
Family	netwalker
Ransom Note	Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .f859a1 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_f859a1: U2wT2FxHbYnBsp9clCydICOMz0xHS9y9qxbwYTxSyUWHonPfMF 0JShF/VkyMO/vileP9Apd62n4brPnmwJQ/d/BaRVzkudYYQNnK oGuxqQefyAbdy1fIdlcNPaB7OcJJCHbVR7XqhD3SsjMRujUj3+ 42tCAnf8VScRw+fe5U2o2Et9sx/8+akPwc+qDQQVfZjUvbyYZJ IICir+oEIXTjFRoRqvZaOUA4GBWaH05Yy+nHnR2ct2xbezvCdu um9sUTOR9yaJM5K9VRwGS0o5+0XxQDHicS9xAGQg==}Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .f859a1 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_f859a1: U2wT2FxHbYnBsp9clCydICOMz0xHS9y9qxbwYTxSyUWHonPfMF 0JShF/VkyMO/vileP9Apd62n4brPnmwJQ/d/BaRVzkudYYQNnK oGuxqQefyAbdy1fIdlcNPaB7OcJJCHbVR7XqhD3SsjMRujUj3+ 42tCAnf8VScRw+fe5U2o2Et9sx/8+akPwc+qDQQVfZjUvbyYZJ IICir+oEIXTjFRoRqvZaOUA4GBWaH05Yy+nHnR2ct2xbezvCdu um9sUTOR9yaJM5K9VRwGS0o5+0XxQDHicS9xAGQg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\odt\C52B64-Readme.txt
Family	netwalker
Ransom Note	Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .c52b64 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_c52ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==: ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\C52B64-Readme.txt
Family	netwalker
Ransom Note	Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .c52b64 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_c52ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==: ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==}Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .c52b64 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_c52ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==: ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Users\Admin\Documents\C52B64-Readme.txt
Family	netwalker
Ransom Note	Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .c52b64 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_c52ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==: ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==}Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .c52b64 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_c52ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==: ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==}Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .c52b64 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_c52ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==: ePWGvYeIxnaFF8O4tLeMav7vqePYtqHcRFrQf7q3Trnk9/+LXN +wG1JWawUr5cSiBPVMzsGv9AS59SoRi7MW6o26Mjq9cRklQNnK oJM4LMt5EFnu18j0/wTWoz7dtKftQAwbd5M1zta0/1Ou5k1yqU PgvJZ6nIfKm1THKkSEjkKS6obJbPVIracin+mDsZ0OtBpxTFlk ubPphWLoKS3SiRP4y9+eNFqjqjv17gRAt9HCzL7iJ4smlShYVu pdALn0a548LKJs7eCdvLboiYe657pkNCl5mS36Hg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Target

e3e75e15fd7f6a8233e33c8a8e127cee36706025451644cf8618a0876fd0e95f.bin

MD5

997f0ec7fcfa440d58443922651a2b0a

Filesize

57KB

Score

10^/10

SHA1

6bd08ea17de7987451757b549984a443cf08b401

SHA256

e3e75e15fd7f6a8233e33c8a8e127cee36706025451644cf8618a0876fd0e95f

SHA512

c80320dc518936d88e283dc27a5cab5575d12f6c14af994ec79730aed31c61f89e631db1e04673a0dfa0ef8e56fd1ad4029def2210c3e0a3348c44cc6df11c1f

Signatures

Netwalker Ransomware
Description

Ransomware family with multiple versions. Also known as MailTo.
Tags

ransomware netwalker
Modifies extensions of user files
Description

Ransomware generally changes the extension on encrypted files.
Tags

ransomware
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware

TTPs

Data from Local SystemCredentials in Files

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

netwalker ransomware spyware

10^/10

behavioral2

netwalker ransomware spyware

10^/10

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Tags

Signatures

Netwalker Ransomware

Description

Tags

Modifies extensions of user files

Description

Tags

Reads user/profile data of web browsers

Description

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2