NetwalkerNEW.exe

Target

NetwalkerNEW.exe

Size

69KB

Sample

210303-gqxjtxjees

Score

10 ^/10

MD5

e9ca5e3e3e381d7f13f20f9ef7b2cd48

SHA1

89e45b950d550f140bfbee81e709d53632e55af2

SHA256

4a8e4c9289132e7d3ac9172179464c4c8038079ad9ff7205da81c6af9d1e2354

SHA512

ff301d34795ac651d020b8cd7e6626735c0b1ab48800cf957894ab775f5594cb2abe79746e1dc0e4288e7f156bab0dcf582fe9d8724b3ddee6154ea8c43ae59e

Extracted

Path	C:\ProgramData\Microsoft\User Account Pictures\163D19-Readme.txt
Ransom Note	Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Program Files (x86)\Microsoft Office\Office14\PROOF\163D19-Readme.txt
Ransom Note	Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Program Files (x86)\Microsoft Office\Stationery\1033\163D19-Readme.txt
Ransom Note	Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .163d19 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_163d19: qa85E+Q9ybJPBsLiV2HnvDCGE5VLUpQ8kDGPZ8f78TrUWYIXCz BdTs+7mm36Lvr3ynxuw1tqxYIrybKa3rwvRx0bwZnHg1hTEXt0 VMg4yx/5Erw+qj7VXAui8mDqUOaOXPouIRPNM7x1vfkACDcdZW JM8AUT1tijYA8r+z81D3lduPCuN/ROyzkcbUFuPFiQ8eGXdaf3 S4FyAUrkQlDslmlYplhTDEczsKeV4vu6VHboCMNwDQ8ZtDm6gt oucqSVQ5ji+IEyYKsEtaASdcc9UQyAO0n8qPos7w==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\8DED4D-Readme.txt
Ransom Note	Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Users\Admin\AppData\Roaming\8DED4D-Readme.txt
Ransom Note	Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Program Files\Microsoft Office\root\vreg\8DED4D-Readme.txt
Ransom Note	Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\8DED4D-Readme.txt
Ransom Note	Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Path	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\8DED4D-Readme.txt
Ransom Note	Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}Hello, O2MICRO. Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .8ded4d -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- * We have downloaded your documents, databases, documents of your customers, correspondence. We are ready to put everything in public access. Contact us in chat. * -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_8ded4d: qPaXFMj4TxaDEKgGaBrVHg6gAF0QYn/qU4n8j8hzvMm/MrAnXi cxUlQQX3AfecD21w7T7U1ivcpB0C4at4wIYBNemDwclyEuEXt0 VI+fwcVsq1hqXxmaD4R2Uh5PpUWC1yBoYfRMKVhQBF7TnFUTM4 Nql97xn1cfujdndofKy0K/OjLamweey7uL9oo5oAjIjCNhMRP5 SZzhagxG3tnwAZdq+y63Eg4vn7xPaf4TuWUIYVQQjyLkThk6su T7b1RvEr/zXMGgPqPVoDOoVFYGkAfnp5Te/MNiNg==}
URLs	http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Target

NetwalkerNEW.exe

MD5

e9ca5e3e3e381d7f13f20f9ef7b2cd48

Filesize

69KB

Score

10^/10

SHA1

89e45b950d550f140bfbee81e709d53632e55af2

SHA256

4a8e4c9289132e7d3ac9172179464c4c8038079ad9ff7205da81c6af9d1e2354

SHA512

ff301d34795ac651d020b8cd7e6626735c0b1ab48800cf957894ab775f5594cb2abe79746e1dc0e4288e7f156bab0dcf582fe9d8724b3ddee6154ea8c43ae59e

Signatures

Deletes shadow copies
Description

Ransomware often targets backup files to inhibit system recovery.
Tags

ransomware

TTPs

File DeletionInhibit System Recovery
Modifies extensions of user files
Description

Ransomware generally changes the extension on encrypted files.
Tags

ransomware
Deletes itself
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware

TTPs

Data from Local SystemCredentials in Files

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

File Deletion

Discovery

Execution

Exfiltration

Impact

Inhibit System Recovery

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

netwalker

10^/10

behavioral1

ransomware spyware

10^/10

behavioral2

ransomware spyware

10^/10

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Tags

Signatures

Deletes shadow copies

Description

Tags

TTPs

Modifies extensions of user files

Description

Tags

Deletes itself

Reads user/profile data of web browsers

Description

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2