makop

Extracted

Path

C:\how_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;">��72 A0 2D A3 7E 28 0A 26 E7 E6 3B A4 4A 6A 5D CB FD 8B 81 25 9D ED 18 45 C1 15 A4 49 91 7D CD 10 1A 85 63 8D 49 9E E0 21 DA 52 65 63 42 89 1E D1 5B BF 97 3B 26 AE D6 92 90 80 44 6A 62 C9 66 0A 88 F9 62 53 42 68 97 42 8F B0 8F F6 EA 5D C2 DA 21 43 A6 58 E1 D1 8F 02 E5 3D 3F CA 95 96 68 2E 95 E7 A0 95 A8 5C 83 F6 C5 00 30 57 CD 2A CF B4 3B 7A A1 89 C0 64 4B 7C F3 4C A6 1D 9B 80 CC 11 34 CB C4 CD CC CC F1 C5 1E 29 0C A3 9D 2A FA 31 5A 62 D1 54 BF 1E ED 89 11 CC C6 2D 8A 57 F3 82 45 95 DC 12 36 31 E4 2E 76 58 5B 50 2F 4A D8 8D D2 62 57 C5 47 05 81 43 59 78 11 08 DE 6F F3 76 54 32 90 83 45 45 9C F7 6A 2A A6 B5 C9 69 CD 96 89 F0 D3 30 C2 DB B7 85 26 E7 C7 AF 25 5E 9A 41 9A FD 19 A9 4E BB 06 C7 2E A6 7D 21 E3 A7 23 F3 02 A9 3C BC 40 83 99 D8 6A 15 52 2E 17 17 EE 7C </span> <br>  </div> </div>  <div class="tabs">  <div class="tab"> <div id="tab-content1" class="content"> <div class="text">  <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br>  <hr> <b>Contact us for price and get decryption software.</b><br><br> <a>.onion</a><br> * Note that this server is available via Tor browser only<br><br> Follow the instructions to open the link:<br> 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.<br> 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.<br> 3. Now you have Tor browser. In the Tor Browser open <a>.onion </a><br> 4. Start a chat and follow the further instructions. <br><br> <hr> <b>If you can not use the above link, use the email:</b><br> <a href="[email protected] ">[email protected] </a> <br><a href="[email protected]">[email protected]</a> <br> <b>* To contact us, create a new free email account on the site:</b> <a href="https://protonmail.com">protonmail.com<br> <hr> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> </div> </div> </div>   </div> </div>  </div> </div> </body> </html> ��

Emails

Extracted

Path

C:\how_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;">��2A C1 D5 CA E5 F2 CA 35 B4 D9 42 EB F9 13 A6 15 84 F7 E5 D2 5C 7F CE D5 35 1F D5 E8 BE 0A BD BE D9 7A E8 28 0F ED 76 40 6F 35 D7 AD BD A9 46 C5 80 12 53 66 8B 9D 72 83 A2 E6 CF B5 B6 51 D2 77 BA CF 0B 08 99 D3 F8 74 64 B8 E8 CF 37 BA FC 9C 77 83 BE A3 AA F0 17 71 7E 28 38 92 E5 3C 93 9B 9F 6E 9F 26 9B 10 AF 74 CB C5 02 BE 92 F8 A9 DF C8 BD 5E 71 16 83 CF 7E 37 29 B5 39 56 71 0E 6C EB 59 F6 4E BD 90 D0 61 F8 B6 9E 97 29 18 63 D0 47 C7 50 2D 4E E0 D8 39 54 9A A9 E4 FC BF 73 3F F8 A0 CC 92 90 45 DB 5A BB 64 87 28 26 EA 75 C6 5F A2 E6 E6 EF FA 4A 24 1C B0 D7 8D 54 F9 54 F0 2C BE 12 15 3F 26 85 ED E9 13 AB 34 C1 2B B9 F6 2C 1F 63 20 7E 44 15 81 97 50 16 B9 72 40 4F FE 00 BD 9A 1A 51 B2 68 D7 9A 13 B0 CB 52 7C 8B E2 81 33 CA 8B F8 66 17 E1 38 69 72 54 1A 7C 62 73 </span> <br>  </div> </div>  <div class="tabs">  <div class="tab"> <div id="tab-content1" class="content"> <div class="text">  <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br>  <hr> <b>Contact us for price and get decryption software.</b><br><br> <a>qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion</a><br> * Note that this server is available via Tor browser only<br><br> Follow the instructions to open the link:<br> 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.<br> 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.<br> 3. Now you have Tor browser. In the Tor Browser open <a>qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion </a><br> 4. Start a chat and follow the further instructions. <br><br> <hr> <b>If you can not use the above link, use the email:</b><br> <a href="[email protected] ">[email protected] </a> <br><a href="[email protected]">[email protected]</a> <br> <b>* To contact us, create a new free email account on the site:</b> <a href="https://protonmail.com">protonmail.com<br> <hr> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> </div> </div> </div>   </div> </div>  </div> </div> </body> </html> ��

Emails

Extracted

Path

C:\how_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;">��31 16 4A 77 0A 03 4D FB FE 1D AD 0C 42 C2 04 92 16 1A 31 D2 FF 45 A3 ED DD 59 1F C0 E1 94 BE 8D 7E B1 36 96 61 D4 5E F3 09 DB DB 22 4C 8E B3 55 B3 9B 41 9B 2A B5 BC 7C 43 0A 36 1F FA C8 20 7B 10 CA DB 54 3D E5 AB 4B 32 6A 4C 4B 71 92 78 BD CC 95 01 E0 CE C3 6D 73 77 E2 55 8C 0C BC 57 A1 62 25 E6 B7 87 6A 4A F3 A9 06 8D C0 F8 E9 59 FE FC 5E 63 22 95 58 A4 9E CE DB D2 46 1E 04 3C B3 1D 13 B7 2C F4 15 53 42 B8 82 3E B9 3E 25 8B D4 B0 71 2C FA 8F 29 DE AE 1E 67 78 10 3B 16 32 BD 27 8B 51 3B E7 53 7D F6 70 49 73 6D 9B BA 8F 95 70 94 36 C5 9F 45 D8 3D 03 79 6E 49 A4 BE 9F B6 AF 77 F6 29 D2 2B BC E6 85 BF 9A E0 99 17 71 19 3A B7 93 F6 3F 11 BB 50 D1 1C 42 0A C3 83 BC 88 02 0A 3F BF 0F E8 25 1F 3A 8D 15 2C 57 1F 12 F0 26 16 9D BB EF E2 E7 34 15 03 DD 18 7E E1 41 15 </span> <br>  </div> </div>  <div class="tabs">  <div class="tab"> <div id="tab-content1" class="content"> <div class="text">  <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br>  <hr> <b>Contact us for price and get decryption software.</b><br><br> <a>qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion</a><br> * Note that this server is available via Tor browser only<br><br> Follow the instructions to open the link:<br> 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.<br> 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.<br> 3. Now you have Tor browser. In the Tor Browser open <a>qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion </a><br> 4. Start a chat and follow the further instructions. <br><br> <hr> <b>If you can not use the above link, use the email:</b><br> <a href="[email protected] ">[email protected] </a> <br><a href="[email protected]">[email protected]</a> <br> <b>* To contact us, create a new free email account on the site:</b> <a href="https://protonmail.com">protonmail.com<br> <hr> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> </div> </div> </div>   </div> </div>  </div> </div> </body> </html> ��

Emails

Extracted

Path

C:\how_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;">��0E 54 2D CD EC 91 50 ED 13 4C A5 ED 65 00 1E D2 1D 32 52 D0 A2 D6 3E 12 FD 2B E2 EE D7 6B 04 57 E1 46 22 73 EA 28 87 DC BE 78 33 A5 F5 01 37 B2 A8 0A 58 93 17 3D 32 7A E7 C7 AA D7 74 87 BB D5 CC 02 D5 F2 2B 01 8E 4D DB 21 8A 15 D3 4D 5D 11 F4 6B 5B 0C 10 78 CB 54 3D 7C E7 72 94 8B E7 D2 E9 7D 91 1D D7 C6 69 20 1F 31 AF 4D 93 16 3F 53 5A D5 FC 4E B7 D5 37 57 47 B6 E9 98 F5 61 95 E3 07 1C FE 45 80 91 17 78 65 87 D8 C1 72 6D CF D3 4D 93 0D 5F AE 26 FF B2 D6 5F 67 F0 64 44 BD B8 44 17 37 4C 8B D7 15 F1 A0 89 A9 8A F8 4F D8 25 19 FB 70 C1 F7 B0 82 51 1E 2C 2C 00 6C 40 EC 86 CD AB E7 78 65 59 B8 87 23 9E AB 2F E7 57 70 DB F7 B2 04 EE 30 97 23 6A 23 CE 18 E8 C1 BB DC 64 2D 8F FD FF A2 37 B9 13 54 CE E8 9B 15 51 EC B7 95 2B D9 85 9D 38 A7 04 6B 3F 21 21 08 DB D3 93 </span> <br>  </div> </div>  <div class="tabs">  <div class="tab"> <div id="tab-content1" class="content"> <div class="text">  <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br>  <hr> <b>Contact us for price and get decryption software.</b><br><br> <a>.onion</a><br> * Note that this server is available via Tor browser only<br><br> Follow the instructions to open the link:<br> 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.<br> 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.<br> 3. Now you have Tor browser. In the Tor Browser open <a>.onion </a><br> 4. Start a chat and follow the further instructions. <br><br> <hr> <b>If you can not use the above link, use the email:</b><br> <a href="[email protected] ">[email protected] </a> <br><a href="[email protected]">[email protected]</a> <br> <b>* To contact us, create a new free email account on the site:</b> <a href="https://protonmail.com">protonmail.com<br> <hr> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> </div> </div> </div>   </div> </div>  </div> </div> </body> </html> ��

Emails

Extracted

Path

C:\how_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;">��35 C2 F6 AB 1B A9 B5 E5 4F BB AA 43 66 E7 60 62 99 D8 62 24 33 F7 DD 61 4C C1 2B 11 8C 97 CF 7E 49 65 E5 A8 44 E2 7D 90 14 2E 47 5C 71 4F F2 27 C9 EF FD 0F 2B 39 8D A6 B6 06 B2 0C 75 B7 B0 BB 08 77 1A F6 6E 04 92 27 07 58 3E 22 78 DC 3C 0D 12 40 55 12 AC C2 FD 92 2A A1 FE 7D E2 AB 46 D0 2E 0D CC 93 F9 CA A7 F1 7F 76 29 E8 A3 A9 D2 DA DA 21 77 09 27 C1 90 BC B2 7A 2D D6 C9 1F C1 A8 BE F2 69 88 F1 0B 4F 7A 8C FA 9D E6 27 FB 00 26 F5 45 94 1A 14 0D A7 9F F8 85 69 D0 D9 A8 CF 44 68 56 D3 A9 F6 80 0C 4F D7 68 A2 EB D2 B4 A9 49 71 55 86 49 0A 92 3F 53 C0 92 C7 94 52 D8 29 F2 16 D7 F8 F3 2A 32 E3 1E 69 CD A4 E8 9F 8B 94 D8 AF CC C7 95 95 F1 33 90 1E 4E 63 CE 1F E0 EC 6E 09 67 DF 31 69 2A E8 5A A1 F4 98 8A 21 15 E2 98 E9 73 04 3E 5D 1A 77 21 87 BA B9 CD 9F A8 D1 FF </span> <br>  </div> </div>  <div class="tabs">  <div class="tab"> <div id="tab-content1" class="content"> <div class="text">  <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br>  <hr> <b>Contact us for price and get decryption software.</b><br><br> <a>.onion</a><br> * Note that this server is available via Tor browser only<br><br> Follow the instructions to open the link:<br> 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.<br> 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.<br> 3. Now you have Tor browser. In the Tor Browser open <a>.onion </a><br> 4. Start a chat and follow the further instructions. <br><br> <hr> <b>If you can not use the above link, use the email:</b><br> <a href="[email protected] ">[email protected] </a> <br><a href="[email protected]">[email protected]</a> <br> <b>* To contact us, create a new free email account on the site:</b> <a href="https://protonmail.com">protonmail.com<br> <hr> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> </div> </div> </div>   </div> </div>  </div> </div> </body> </html> ��

Emails

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\040745947\readme-warning.txt

Family

makop

Ransom Note

::: Greetings ::: Little FAQ: .1. Q: Whats Happen? A: Your files have been encrypted and now have the "baseus" extension. The file structure was not damaged, we did everything possible so that this could not happen. .2. Q: How to recover files? A: If you wish to decrypt your files you will need to pay in bitcoins. .3. Q: What about guarantees? A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests. To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee. .4. Q: How to contact with you? A: You can write us to our mailbox: [email protected] or [email protected] or [email protected] .5. Q: How will the decryption process proceed after payment? A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files. .6. Q: If I don�t want to pay bad people like you? A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money. :::BEWARE::: DON'T try to change encrypted files by yourself! If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files! Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

Emails

[email protected]

Extracted

Path

C:\how_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;">��5F FE BF 26 03 CD 19 03 DA CD 9F 7C 95 C8 3A 91 F8 96 27 ED 8F DF 5C 85 DC 9A 6E DA 46 BC 71 EA C4 32 88 FF 6F DC 5D D2 01 67 5F D7 E3 12 1F 04 0C 09 19 2B 7B A5 A8 24 DD 2F 44 0E 2C 21 30 04 5A CD A8 12 D8 4E C2 83 97 5A C1 11 48 38 06 72 E4 B0 DB 0A 26 C8 76 89 A2 9B 74 BF CB 57 DC AC 10 FB AB 06 3B F6 93 70 07 5F 0F 0B 3A F1 36 7E E6 68 C0 F7 CF C9 16 CB 54 A3 A9 BA 8F D1 37 5D 5F 99 4D 9E E5 9F 83 91 DB C7 9E 8F 30 AF B6 C0 B9 CD 84 A9 6B C7 BE D5 74 F6 26 F6 7E DA 9F D9 DA D6 BA 0E EE F5 3E 01 38 EA 8C 25 D5 24 1F 7D 4B 5B BD 38 AF 4A 76 E8 71 FD B1 67 65 2E 49 D9 28 51 26 C1 6B BE 1E C9 3C BB AA C5 B5 1B 13 AD 3F E7 1C E9 35 49 F6 77 86 19 77 03 B8 C3 71 C2 6F 45 4D BC 12 F8 F5 03 1F EC 55 10 2D 71 37 88 B8 44 5F B6 FF 5A EA 85 F1 7D C9 21 A4 1A CB 0D </span> <br>  </div> </div>  <div class="tabs">  <div class="tab"> <div id="tab-content1" class="content"> <div class="text">  <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br>  <hr> <b>Contact us for price and get decryption software.</b><br><br> <a>.onion</a><br> * Note that this server is available via Tor browser only<br><br> Follow the instructions to open the link:<br> 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.<br> 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.<br> 3. Now you have Tor browser. In the Tor Browser open <a>.onion </a><br> 4. Start a chat and follow the further instructions. <br><br> <hr> <b>If you can not use the above link, use the email:</b><br> <a href="[email protected] ">[email protected] </a> <br><a href="[email protected]">[email protected]</a> <br> <b>* To contact us, create a new free email account on the site:</b> <a href="https://protonmail.com">protonmail.com<br> <hr> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> </div> </div> </div>   </div> </div>  </div> </div> </body> </html> ��

Emails

Extracted

Path

C:\how_to_back_files.html

Ransom Note

<html> <style type="text/css"> body { background-color: #f5f5f5; } h1, h3{ text-align: center; text-transform: uppercase; font-weight: normal; } /*---*/ .tabs1{ display: block; margin: auto; } .tabs1 .head{ text-align: center; float: top; padding: 0px; text-transform: uppercase; font-weight: normal; display: block; background: #81bef7; color: #DF0101; font-size: 30px; } .tabs1 .identi { font-size: 10px; text-align: center; float: top; padding: 15px; display: block; background: #81bef7; color: #DFDFDF; } .tabs .content { background: #f5f5f5; /*text-align: center;*/ color: #000000; padding: 25px 15px; font-size: 15px; font-weight: 400; line-height: 20px; } .tabs .content a { color: #df0130; font-size: 23px; font-style: italic; text-decoration: none; line-height: 35px; } .tabs .content .text{ padding: 25px; line-height: 1.2; } </style> <body> <div class="tabs1"> <div class="head" ><b>Your personal ID:</b></div> <div class="identi"> <span style="width:1000px; color: #ffffff; font-size: 10px;">��77 34 73 51 2C 04 94 E6 33 93 71 C1 32 51 31 7C 33 21 DD 54 1F 0D 10 7F 5E 0E 17 00 41 4B DE CD ED 55 EC 14 0E 35 B4 19 06 5C 8E C5 0A 22 C9 8F 2E E8 10 F2 C6 49 93 CD 25 85 D9 65 53 2D 9F 94 4D 56 0C AB 86 E5 1C 0B 79 E8 29 71 37 D2 7C 1E 03 92 29 D0 9E F0 2D 6E FB B7 9A 30 F2 DB 9D 5B 10 F6 F7 84 20 D5 35 1C F3 F6 FA F3 B4 1F FC 42 AD 03 40 4D 72 7B E1 2E 33 2A 39 C0 F9 4C 6B 16 C5 DB E7 91 EE 3E 96 8B E0 B1 B5 26 3C 3A 56 76 6A DD DA 48 9D BD 84 FC 7A 3F 07 C3 2F A5 14 0A 84 57 71 34 85 63 42 76 60 74 A5 39 0F C0 C4 F8 58 44 4C 86 CA A6 20 84 7D 21 5E 57 E7 49 B8 19 0D 30 26 5D FE AE A8 C3 75 5D A7 8B 50 E8 30 AA DB 7C 96 C3 81 36 18 67 C2 37 0A 52 57 59 80 CE 7D 22 6E 06 02 EA BE 77 08 5F 4D D5 03 73 35 35 EB 42 F0 5C B7 CD F1 55 E7 1B 52 87 DB AE 77 84 </span> <br>  </div> </div>  <div class="tabs">  <div class="tab"> <div id="tab-content1" class="content"> <div class="text">  <b>/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\</b><br> <b>All your important files have been encrypted!</b><br><br> <hr> Your files are safe! Only modified. (RSA+AES)<br><br> ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE<br> WILL PERMANENTLY CORRUPT IT.<br> DO NOT MODIFY ENCRYPTED FILES.<br> DO NOT RENAME ENCRYPTED FILES.<br><br> No software available on internet can help you. We are the only ones able to<br> solve your problem.<br><br> We gathered highly confidential/personal data. These data are currently stored on<br> a private server. This server will be immediately destroyed after your payment.<br> If you decide to not pay, we will release your data to public or re-seller.<br> So you can expect your data to be publicly available in the near future..<br><br> We only seek money and our goal is not to damage your reputation or prevent<br> your business from running.<br><br> You will can send us 2-3 non-important files and we will decrypt it for free<br> to prove we are able to give your files back.<br><br>  <hr> <b>Contact us for price and get decryption software.</b><br><br> <a>.onion</a><br> * Note that this server is available via Tor browser only<br><br> Follow the instructions to open the link:<br> 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.<br> 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.<br> 3. Now you have Tor browser. In the Tor Browser open <a>.onion </a><br> 4. Start a chat and follow the further instructions. <br><br> <hr> <b>If you can not use the above link, use the email:</b><br> <a href="[email protected] ">[email protected] </a> <br><a href="[email protected]">[email protected]</a> <br> <b>* To contact us, create a new free email account on the site:</b> <a href="https://protonmail.com">protonmail.com<br> <hr> <b> IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.</b><br> </div> </div> </div>   </div> </div>  </div> </div> </body> </html> ��

Emails