General

  • Target

    NetwalkerNEW.exe

  • Size

    69KB

  • Sample

    210303-gqxjtxjees

  • MD5

    e9ca5e3e3e381d7f13f20f9ef7b2cd48

  • SHA1

    89e45b950d550f140bfbee81e709d53632e55af2

  • SHA256

    4a8e4c9289132e7d3ac9172179464c4c8038079ad9ff7205da81c6af9d1e2354

  • SHA512

    ff301d34795ac651d020b8cd7e6626735c0b1ab48800cf957894ab775f5594cb2abe79746e1dc0e4288e7f156bab0dcf582fe9d8724b3ddee6154ea8c43ae59e

Malware Config

Extracted

Path

C:\ProgramData\Microsoft\User Account Pictures\163D19-Readme.txt

Ransom Note
Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- *** We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. *** -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path

C:\Program Files (x86)\Microsoft Office\Office14\PROOF\163D19-Readme.txt

Ransom Note
Hello, O2MICRO. Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- *** We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. *** -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path

C:\Program Files (x86)\Microsoft Office\Stationery\1033\163D19-Readme.txt

Ransom Note
Hello, O2MICRO. Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- *** We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. *** -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path

C:\8DED4D-Readme.txt

Ransom Note
Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- *** We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. *** -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path

C:\Users\Admin\AppData\Roaming\8DED4D-Readme.txt

Ransom Note
Hello, O2MICRO. Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- *** We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. *** -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path

C:\Program Files\Microsoft Office\root\vreg\8DED4D-Readme.txt

Ransom Note
Hello, O2MICRO. Your files are encrypted by Netwalker.
All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- *** We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. *** -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path

C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\8DED4D-Readme.txt

Ransom Note
Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- *** We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. *** -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path

C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\8DED4D-Readme.txt

Ransom Note
Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- *** We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. *** -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Targets

    • Target

      NetwalkerNEW.exe

    • Size

      69KB

    • MD5

      e9ca5e3e3e381d7f13f20f9ef7b2cd48

    • SHA1

      89e45b950d550f140bfbee81e709d53632e55af2

    • SHA256

      4a8e4c9289132e7d3ac9172179464c4c8038079ad9ff7205da81c6af9d1e2354

    • SHA512

      ff301d34795ac651d020b8cd7e6626735c0b1ab48800cf957894ab775f5594cb2abe79746e1dc0e4288e7f156bab0dcf582fe9d8724b3ddee6154ea8c43ae59e

    Score
    10/10
    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks