maze

Sharing

Copy URL

Twitter E-mail

General

Target

5109279116918784.zip
Size

1.7MB
Sample

211108-htfv6sgfdl
MD5

fe845a2d438cd6eb08bc075551ae8e98
SHA1

bb6b689dfb6c1f1e70c86e287add2315ef222195
SHA256

ab4c81f552a0dd8911bcbfc6601350139b72c1b5752b70ec699c465b3c54fc7d
SHA512

ca2b035aa6bb9a2964721500023af0ad643c8d5511a663008c9a2e77b2334e1effb5599cc1eb91e767ba0080868fd84d0bf3cd85e7ddaa607518e0ad594104a7

Score

10^/10

Malware Config

Extracted

Path

C:\DECRYPT-FILES.txt

Family

maze

Ransom Note

Attention! ---------------------------- | What happened? ---------------------------- We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. To see what happens to those who don't contact us, google: * Southwire Maze Ransomware * MDLab Maze Ransomware * City of Pensacola Maze Ransomware After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files. ---------------------------- | How to contact us and get my files back? ---------------------------- The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us: 1) [Recommended] Using hidden TOR network. a) Download a special TOR browser: https://www.torproject.org/ b) Install the TOR Browser. c) Open the TOR Browser. d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6c850cca114ae82e e) Follow the instructions on this page. 2) If you have any problems connecting or using TOR network a) Open our website: https://mazedecrypt.top/6c850cca114ae82e b) Follow the instructions on this page. Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team. ---------------------------- | What about guarantees? ---------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat! P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued. ------------------------------------------------------------------------------- THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU ---BEGIN MAZE KEY--- IOxeP7q3nZ4bc7Vx86Jy9+ys8MpAAjxSXHgyq925BydOCsSUOjfZ8K0hVjikc7ImOTlmlsqeJPUpR5zFkG0x1HXOSeXUMj++mYjcsZVvnX6FVdJzFoTzGGertbSrrGlIG/9tsl9N2m3Ck2DE2mUSyu8TBfD094aLE2xdA01xvN9UbuUhvjP+D/EuZ4RNwuv6zb0EUSVFb05hRX0f3Oh0C2FzdCMCIdDmZM4WruaqZMP+wI0Deo7HbCMs4hLx0qvw0cpqc9v/Jpx4Uj5/o1BWCu4UvoQFP5mUvsEc259y1+96OKvKn32KrzSnvkazT1NlI577b2quUcZzWRB2KGkyxjPjASVP41xd6RG9EkPqJeakHy0FV4Lv2hFNvM7JkT6y12UVRmsuhlnJY1vs3juPSVSJfIfJ0Rc0rMSynao8p3FxF7hF81CRGqPDLVHGr5nprBASbpTmcyAhW/igHqF3Ip3i89B2lWveR7Q3B4o3yyTAVBAhvrEVZMYayZQrsSaRVV0pPpytiop+dqIz3OIl0nfg4JtnsFT72Ozt5XhjzzHlvr5/DLmBVHXyyknLUubTG+9mFR6m22otpOlmZA0DNST3QXpjOB84pOAjpYy2BxirVhzqo6r+nK5eMsc6T8GQkNn/hYetbeNTCJsZ9K56bGwQ9tQv1GvNZyV7dNf8xGtLEctrtTphKUTG32wtw0gjZ7I8FelSB2BHsExEGBdyY8bFuFUCgcYLmfKVCXGisLvi5ugMOESVxEnIccev5iugxf+GUMxlyFT6w5HVJko9vNI88Q1GWnyvpvEhjO5bi4sekJ6VKcPr0nXMvt+a5h+Zb9XcF46j1bMGi/Vx7k2DItsjFZODWtNbuPl+YGJP5VLiwCUjpwTiKgkjcs5F58yO3Wp4WSqX9+dZ/qTSJk4sXATkODm4ks3V73X0aFCVqg+Bh3URM8NfReijps98wK5So0pkk/mPcS490TmGzuv2NS14yTMvHjtrqdjzc9XCeT5z5oAUmezt0Qq5gb9V9xXR+MMIFeSd3XXoJqebie2MNnZO81LTaRsG7efrl7tDgc2Ge/VFfX263GBR9OYQyKaRjTBlPr2GYABXZFtIAhtKa8feVv0vz2OrM/vh7+ghp0guy9k6jd0XSBZpKFjP+RWa4QYXGcB7N83WIGyq0osgpAMxc7hMypjQ17NjYTYh1p4z0z2Avyo+76dCPcPSmDvWuxt/FrDqrvaO7rmhhLVjv9zYXhKHZRyrO5wUBdWw7z6Fmo3fz1BxjmmDltAA8Q3a4EG7PJZUERsO2Osn+QNtwJIRd/NHX6ZBFUw+BsDvcv5cQMN4gFXszUJYTB3QIwiFYpim7qoZurG6sBZiHwcj26tvTtNbWcwzPVzjpoNvqMfZkaJ/31mCeVLbKCXSokj/Au6d8ADIX/tzYY/PH8RPEA7Gwp23XvyJWk3FLevoSSFFdnGmdZoXLrj4s8XUh5R1pSWjdr1PHq81KBjmsiChcOMED0r3JPIT4UgwadGCWvS3/ormGVX3Kk4Ff41EDW4XDpzREBxLrYnBY75563PZ5ulzyflfycJ7qVgdaaFFK0EZ+IEaiMIun3PYx2HysRgUgDLZxw00bWLN2eBKCTQTlxf9IuxL6v/KTFFiJhuQ7lycm9G3EQ4hHOR5hAOk/KjXZmdgPfIqN/DRadUp+E3oGPY/NUZur09ZDbTDOfKBtyIUNWbZBlQbSUz/T38ifBJrJWWey1VJbPJ+0o943xV8YZaEK/k+TdCv6FzpAlfGtvqBAK/0VPm5L1U4as1/V6EcH6BuW0NfpQo5oe3v5w9QKpyf6BFIUsP3LFEU57rpb5/Pv540+H34J4wxxprjCy9ERgQO6XCtawcsjiWNZXrJdVALPjihJ6GbRSKjkfoNYd+xYEzD5k1Gb25AOlSFWwXkXbMvvBeMYbemsxxeRMdExnrcm3FvBTZ/lK/p3H8U1lQcacTljeQpKclqBWuPJPM0ppKijqoRCb3wVYjxER7Pz5Ej/hOgml/5f6LAZhi3Q8e55ykxPgi1TyaJDKN2ToDMa73tU3noxHLthzlJTLkHzLlUZShNLmja2hW1baGd7Q4Mid93+qW3H9RqFCPMaFpn0NHzDINPVKEuPjVtupoATBeKqOpn2Z7EiwDcmJeTczVxHIdEaSZkD0/nEBtrYWwB1dxCzphh4yCpw76jJg6YvZ8NW0N35KBMcMylqI5iPVZaPpGkRlZZSa8ZnbQz9HWrUzWuiwoiNgBjADgANQAwAGMAYwBhADEAMQA0AGEAZQA4ADIAZQAAABCAYBoMQQBkAG0AaQBuAAAAIiZXAE8AUgBLAEcAUgBPAFUAUABcAFUASwBOAEgASgBVAFEAVAAAACoMbgBvAG4AZQB8AAAAMiZXAGkAbgBkAG8AdwBzACAANwAgAFUAbAB0AGkAbQBhAHQAZQAAADoofABkAGUAcAByAGUAYwBhAHQAZQBkACAAPgAgAHYAMgAuADMAfAAAAEI2fABDAF8ARgBfADIAMAA0ADcAOAAvADIANgAxADgANAAxAHwARABfAFUAXwAwAC8AMAB8AAAASABQQFiJCGCJCGiJCHCQ09h7eBuAAQGKAQUyLjMuMg== ---END MAZE KEY---

URLs

http://aoacugmutagkwctu.onion/6c850cca114ae82e

https://mazedecrypt.top/6c850cca114ae82e

Extracted

Path

C:\DECRYPT-FILES.txt

Family

maze

Ransom Note

Attention! ---------------------------- | What happened? ---------------------------- We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. To see what happens to those who don't contact us, google: * Southwire Maze Ransomware * MDLab Maze Ransomware * City of Pensacola Maze Ransomware After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files. ---------------------------- | How to contact us and get my files back? ---------------------------- The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us: 1) [Recommended] Using hidden TOR network. a) Download a special TOR browser: https://www.torproject.org/ b) Install the TOR Browser. c) Open the TOR Browser. d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6c230cc22150f7ff e) Follow the instructions on this page. 2) If you have any problems connecting or using TOR network a) Open our website: https://mazedecrypt.top/6c230cc22150f7ff b) Follow the instructions on this page. Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team. ---------------------------- | What about guarantees? ---------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat! P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued. ------------------------------------------------------------------------------- THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU ---BEGIN MAZE KEY--- Fj/xm/tSF/r4iQi4A9PyeDqk3eKZgH3PWxxEHlu7thhvWwW4KwaROhfv1g4PiqPLVJlcQH5xA/7MdbIflaRZXOqxa/GNNix/de160gKiglp9CO0KTT5O4mV41RvwWAKiFjeDp5dxzFMLZfohJY3XjN0KxBAG221dO90waGkke3RnUvsRB4L+JScP5TFxUzQHyiPPcb6KqneswIVe30d7Yths9gO8m9eq6G+XT+1p84wGiXEqo7ZE82t2ZtdbVAgzNVd3n/Sehj7R4yYtoPM/oPCUcINM/RSWUOTo3ryqtIiclJ8RsI+cX0kg7JHdTrfVjNLV2DI7SqSESmcnVFUGlpEBVgXO0L5pdz4YfHsjZwXuW2ybNw2jUlFJ8eD0YONLzwrvcWuNJ1sZS8G9r+8v06kCi1nO93nMCmMYJHPD3wOPUb7BtG6FHfVx/+qsjZG+k7yk6SGYDlR6mB7KoCZ/Vas/hDFH3OMzeuTrPG0z1RDFTfgwwnnX7juDKiWV9plhs8xQoZiWeovT9B1n5pvMpY6Q6V4VRBNMs9/PGm3pbyM/lLJ0RvZjlQVgR5pRgcIc2b1VfjpW1fQzBxN4kkcJbVaV8d7/PpDlT2TgpiUDIr50MMCWC1r1pqJNsXHzTBwPes7SdZgQuvd8jYz9SJ79PKsrih21iJYSCkiY+n0cSzUFKyZXbGnNzsPLqN7c/Qwu070t+PibvxlVdYXX0n2CP8Y6ALOEbVB28wCRuOIG4fBhJcshbjqtHYF3QlIAvc7MysbvbOPWhtMIUuScwJldUC/O9nibqsdvf4OlE+xXN9N+8Pdz0E20vFFSeiNm1uQSVMySP9gZ6wmbyy1fFaH9SaVpS/opF19lhZnPEhMsUh5WxHmkhKuJYvTk9uini/6FIsPq39llto/wkBeMofgwMwdSPA4KzepHxsfTP4rOfb+rT3kKYNkfv887UoQ3PXwnT3W91Rh80V9VM5My6uBZOgxX83VZ9SpXudnU/bgBuRFOXOfW8ejhtwIqFu+udVr5SuTJPAKcZPU7Qig5hmKb+l2vldpt2XNTkeF5tjjXNb3/og7ZOEPv0Ub68gehGmCJnTq/GQgvYZhh32PC4Qbt5OuLF7PuiJTC4G76siBkGWZcRs57k4ARG6SVdtsz7J00vrQgPXaUIzsKeU51FgWy+a3ywmL6PahNOG8lE0aZE5HeHhMjXB3Z/DgK9BIVq6OtWrPYzmImfeu5JDRKmd6XSSIl8pz5BbhMLCiAiqXPTT1RUqd87AQ3xD4+eyHIoytP2ZxzYgnvI0gakeJH3iD+qLp3C5PeziTCqF6tZlzHVX/DO3k5hAvSPlres0Cx2ukMNxj7kFBE7Si+vr6Jqd1lQZi6N6icBI7BJh24eAyMmwhPP/OxbAsJuHedvLBwyRqxJx2E0cOdRlHeR1WPVKU4z34hnWnE+YDyjxhBnh5bCAr6zkEa3gA7C3q045g7IldDxr4OvQTopOXN3ylBV7lCa0fbOtsOMVotg0j6efqujxo+vu3ewwA+uMFikMEY2pROEZkLyGy7MOLVBkYV+dNOdIXOPpoqsq11PKs11oc4MufiXDA6eYzaRn9dHTa8046Ip65CHzeGJuOZJEpvw0MboQ9E7nyOorurb7bcnbTGGoVAOOdVAx2b1fmLzsZjqgDgUqFMHYs3HoFvoKII4jmGwweGyzwC1G1Xkr7ik5HpRwkXjRq1qqKBonEbI8BIwrFHtyr0FsElzwOBvJbdB8bAWlTZB75jmzsRUUCTHGzdBqG0R7QcsJ7uPwHQL6gCIabuZ0T/TDMjahvo2kiyoJ2MTYamo0pEXGItVmmL/k+0LpKVw7Zr1bd3P2Umg7YmPJqwDbecrNe88r1CLC9V+CQx1IKFoJ14FYsAV9L2p2s01ZZxsKghCUDtsBeOM/DlxLcpBJth8ADC9klNGC25T5w+e80aa+sMOMEz5QTHVjFgczzQxcNHCsx5FRNMs7bPKWATRx48zaWtM+U+47Ngu9fPsEtkBaycafbSlvYv6Q2gP9AFdxqclmYqAkOaMCZYXjQC2rRshubADFiFtXeGUWGAnLJJzbrXvDmjh7kS2zHr6YGm21src07f+frUUtSgqWfCO2WKtH0xZr/QFTevUo/o+sLsiAugUtGH3qaJAVuOBKX1e0/98bTxnBqcl0phdyTvuDQ6EMiYpHOAjJRWbAThZxviOXhFBeW4tIAKNGEILReRxh6/Hrmfja7B+PtaHGMR9gAxaAoiNgBjADIAMwAwAGMAYwAyADIAMQA1ADAAZgA3AGYAZgAAABCAYBoMQQBkAG0AaQBuAAAAIiZXAE8AUgBLAEcAUgBPAFUAUABcAEwAVQBDAE4ASgBWAEgAWAAAACoMbgBvAG4AZQB8AAAAMh5XAGkAbgBkAG8AdwBzACAAMQAwACAAUAByAG8AAAA6KHwAZABlAHAAcgBlAGMAYQB0AGUAZAAgAD4AIAB2ADIALgAzAHwAAABCNnwAQwBfAEYAXwAyADAANAA2ADcALwAyADYAMgAwADQAMQB8AEQAXwBVAF8AMAAvADAAfAAAAEgAUEBYiQhgiQhoiQhw6qXWe3gbgAEBigEFMi4zLjI= ---END MAZE KEY---

URLs

http://aoacugmutagkwctu.onion/6c230cc22150f7ff

https://mazedecrypt.top/6c230cc22150f7ff

Extracted

Path

C:\DECRYPT-FILES.txt

Family

maze

Ransom Note

Attention! ---------------------------- | What happened? ---------------------------- We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. To see what happens to those who don't contact us, google: * Southwire Maze Ransomware * MDLab Maze Ransomware * City of Pensacola Maze Ransomware After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files. ---------------------------- | How to contact us and get my files back? ---------------------------- The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us: 1) [Recommended] Using hidden TOR network. a) Download a special TOR browser: https://www.torproject.org/ b) Install the TOR Browser. c) Open the TOR Browser. d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6c850ccac5956c0e e) Follow the instructions on this page. 2) If you have any problems connecting or using TOR network a) Open our website: https://mazedecrypt.top/6c850ccac5956c0e b) Follow the instructions on this page. Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team. ---------------------------- | What about guarantees? ---------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat! P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued. ------------------------------------------------------------------------------- THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU ---BEGIN MAZE KEY--- di2eVx57p+lh97Y2irdbrBDpSOSj27KP5V9KV0Syb1LQGlnj4yuzUFL8YUCy1MGoLYqx9AvxqSp6SPmidpwKkkgi20rzaZelukEW+3nwD445ZsSB4XTEMBstYbXw/ggqoouZpbvkxabOeMYwZ3BzwwaGNys/Y5HkbfFqMFQ7MYAALbiUu2ZjfBvHaZRIhjM1DGSQXt9tRQ3pkt2mI1Ehaq6uT31sT57af93wIv+E3ubbGfFxdcGzxSqlPYK6q10LPyN95Evgkp4H5TWzMvtNvji6SIaKF1n4a22MArlp4moeZVr8VQFqStIkycWSGo3c0MGgovGKuy22Q8NQZ1LWP+2u6QSPI4rK36vcNlTSISW9tYSigspKGSbEVD7qZT8IoQa/eBYfQYZG9hPwXha6cKDvqUXT85B++s4pKZwMdu0F5iWBTykJiKD3ruR/mChqGKjI7CfrwGs0bcl3QnuPrbdI5+Oi8da3QcNS/3yFXWIxqJ02iZdxRMhQTZf7RmstNwFuaA6DUkI0zaG59p0yAdX4AvyUZ3xF0ylcgVoV9ROFohXvuEWSyx7cZvM/77L/c464V2TOYqLPSdiUoqfCa7mxTNywk585Ihi7q3vl+jetRRjl8pdVfZcr9LixYbEGOkZ+CXjl2Te0/liuCeUVCRqygEG685tL40n6eRJBjtiAtveL5sspxfXYZtXdR1CIaBNO2qxvwbaV1lOtumrE8NcT5QFLj8gLXwVvmPLSccu73+yqI4QAOC9bSgwLKDHiijUd1Mltk4mHCVLA7I1XwqlQJdUPgK/yvkgWSeyUXbFAakBX8kdQrh8CoauH9lshYp2UzArJvQC0cCpI4UQ5crAuXMDBbjKG1z3eMjZqV2amzTDZ8wSyIvgCt78emCETUjIe2pWfx1dYMZx7cCg9radqY7YN9IAYsZo4bLDv2iDIuBQQ46Oj0hJk9y8y4hiiUS6POrVWzHp81mJ4mUwJZrpJWrUIH+4czl33fnaksIOlsk6fIETiNGR5d20k0tJXxEW5azQM3WCTmGTmMlRu88ypKze45Ghu0lEG8YikqldQABZ+++tnzx9oKzHkHPsxeAQWLO/y4fXpSMkNxhVEa6oK97aIxPGh2hHXhqiROPUDowD1ZeB+e8HXxDWA217Oy67C+obZhX2g9RiINWU2h1qaOs49Uh6JV/RPTi8bOnW8hJ5PbvLILMio+U3JPb3y42CV2yDPYLTsLvll885HFBG0wLtMCHxPQwudcMsfHH1SaMFxzdhYc72ey41bkse7jh8bcRdRHYT21owTMv0/Uz0IFQ/6JYGaFqc09M1GwANCaNa0Ux7aYGctPTcCPXWtjVV+VsqVMC7Ggpx2w7NKeiyamSSpnOO98otYcRHRJOxduEihULeevwuPuNDFwIEYWwG59H13Ex8Pu5uZj76Kw01XW58F2uqz+zYSvsA/BhJeotGTukKYiTJKmnjogmfGFScz4R3dvz5z9OGAA0J4CYh/DKKY+I39e+mkP+k/vm15BL3/ir5ZC8a74ndEpsySLCnfh8vW2S4A5xFhFKg8VzzMMj8o4VjIbrR9CL4MhFyk6hLlXyeASopMjVi+qlQm2KxN6gsTilMC2wh0tNkIGinYhFSdi4CKbqe67ruRIo6J8xipvp91W9htQLtyFbmZ62J46wQkK/WzixEIfgV8zQ2VlbXx/E/5IsPs3eRdihqhf2WxbNA3pN4UFMYKrjSTdNT8Ecn0hoSRX4I48GddTT/fgqdumNklgotRFJZOqpESkCPxInWufFa0KI46GVHQsgXSRO4EpsqPNMYlZj9JYF+PS7K1AJ+Gb8iD+vNMcSvLdgvCcN75TCY1RjZXCXPteL1cY2MK4zHUGZrkpfnKDZrtRFDrLRQg94vKxjov6buwUxGqktO+ajae2Hk3r5C23J6BW5sltY99eQCLU4VOIq7xvD/8ZZOF10o37EumkjpCnWy/EdD8AhoRD42r6sK68ENh2Wetxu7/vbvbiBf4QhsdC4047rsL0rv0dX3FettvTapcIO1UebhLs+JurtWhT+nvNchJIOGJdadrxW1lWC++ei8bcBlSV+6735d47gX7ifvDE8lFWRAN45JPYsSg0xrpNavJlzPiMHzMUYjlnb8YrPAKi0V/FdS3MwYv/b8NpFBv9gXptOqYnbnrlzh7yHax56Xb8utO57gx31vktPS3m2oNQrmfuwaYMa3Igl3yqSUK1+ZM3y/RAx3BAu92/jUXTQoiNgBjADgANQAwAGMAYwBhAGMANQA5ADUANgBjADAAZQAAABCAYBoMQQBkAG0AaQBuAAAAIiZXAE8AUgBLAEcAUgBPAFUAUABcAFUASwBOAEgASgBVAFEAVAAAACoMbgBvAG4AZQB8AAAAMiZXAGkAbgBkAG8AdwBzACAANwAgAFUAbAB0AGkAbQBhAHQAZQAAADoofABkAGUAcAByAGUAYwBhAHQAZQBkACAAPgAgAHYAMgAuADMAfAAAAEI2fABDAF8ARgBfADIAMAA0ADcAOAAvADIANgAxADgANAAxAHwARABfAFUAXwAwAC8AMAB8AAAASABQQFiJCGCJCGiJCHDugNh7eBuAAQGKAQUyLjMuMg== ---END MAZE KEY---

URLs

http://aoacugmutagkwctu.onion/6c850ccac5956c0e

https://mazedecrypt.top/6c850ccac5956c0e

Extracted

Path

C:\DECRYPT-FILES.txt

Family

maze

Ransom Note

Attention! ---------------------------- | What happened? ---------------------------- We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. To see what happens to those who don't contact us, google: * Southwire Maze Ransomware * MDLab Maze Ransomware * City of Pensacola Maze Ransomware After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files. ---------------------------- | How to contact us and get my files back? ---------------------------- The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us: 1) [Recommended] Using hidden TOR network. a) Download a special TOR browser: https://www.torproject.org/ b) Install the TOR Browser. c) Open the TOR Browser. d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6c230cc2f90dee7e e) Follow the instructions on this page. 2) If you have any problems connecting or using TOR network a) Open our website: https://mazedecrypt.top/6c230cc2f90dee7e b) Follow the instructions on this page. Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team. ---------------------------- | What about guarantees? ---------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat! P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued. ------------------------------------------------------------------------------- THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU ---BEGIN MAZE KEY--- AGKygLWRwAngJwoq5OJV6nBPvcLYhQfjY8IEx/7KC5KNPMOJYnGMdKYdOxmRVbRVWzIUHTphC7FzV3ckYIUpkMK7uaPDp9V62bsVwXOmmcV9iCiI9yg2NrlCiG/Ka5NXyBEzOfIfjoDfW6Hynan6fj8hOwdHXGxMGnZxItztd/q/m2f4hjWt2CCStHf8HJwU9YAaZwmOG+dz1N+U2GbnFyEjLIxPsfhRXJRktEEAi/5BavGpe3zdrhSl8wgs8E/h5v1n56OdHXtntLYB5bwWHdY0n7Y94cra2wN45PhSKUNhyLarPJB2jPxQdrX493cVqVX2MKzsZTz+WgvVfuugH0jbzKLjB/3FowPkMFBz3i3m2wPLaqRT0e6vNaIgedgaYWVj19qgmPJx7mUlPSuF40d6RD2yFo0wX5vefBeLTktaXFzPEylFOrtCPycQRjq1t78P8H4UoC3fqpR+d2wpSiUH2VeVqWd5gnLc19UvZ3JXaqMNZkoxrAyvfz5NtN5xt6BvAxCG3uoDTM5FXMMHiIF91cH5mthEJWa/7TbV/WQarKEKxRgqLM6pRgbzlxsDuGt8V7WRIZkg2OUxZrbZYrWzecxEEDxAWj04Q1rm8KHTYXJBbvj/TqO6bdiKVnOR7kGjerRvKWMbq8Tw37+cFbDpE3Lvyc946FLM8yB3pL5VFEOwx6m9qSvpvxQEuMxrUAczAiNajsDDknE+GpvENo86n1pEkw7nHEyOMclN1Y0qFdNp6i/eFiRXPKLvxe7eGuaKo213jmUYLExoumYEz31H4xdyrdRxVhl7Qs2TO0X63OJaYwiYVHFz1q1OW0dfdjYzV1YEt06sizbgJC1P+R/Zk08ij3jbVqoIiZe3CHnoT1nhQlpoqGXgQ07oRvXO1hKdXR2waq40Gni/3Gi4QUUmVP2isBwsGpa9OcC2woHCgOC43ICBNO5fEvRgc0hrTyvvU6q+xY28ni7pwgDk2gsE56fmD+/spZmuu9On8cJCRqOJr9MdagV9s+MvnXLORSD0KPPzVoNHV57hFdaDBK9rzCzP0NTR/gX1gQE/DxTbZKMmLeNz2+phpuZjpb3ymNiTpZK8RkETdrjbfbbi3g2xdhwAfm9Nb7rOEQ4QGpZLHFWjxFzB0nSFttkg6ZShkndeiDvxxtVR9Vee2JccmslvZHpbbcLYCUJAFY3xqjbxDLchDhnuOoHK+Q2kTmgd+M88x5qg/dQwsUJPcBoH5mbjH9G6wjVFt/YEcwNmf4jFqM2f/kIliuuIV1plFymYCghjEBYwPfK9O+QgQ+xNNexE8ya6SZQQhNp+ZOBN8/+4uOX6yyDe4bkugUf9KkDjE/BZ7EbYhssdEDho4DxpuuEBRbikriZoLH4oLet9Zane+u2NcI1voprUO7quOY06myGLC9/edD+WuSYsiswzuF2ngCg28/EO9uTD60KyFmXc3HT9QPKwLzAKlpu/tifVXYK8VWKuW0n/gZ+zdsxIQu4uBhBV4oY4O7o0RH77w6jHB7IDp8C7FTudbL5w81oppmLvBDN/q7E9rIumptZTq8hCnIw2ZfG/2xh6zIsoMFU2dmxZs3zrOJNNY9iCsORjY1qFB8Ovkip6+JmCr21rKAIgwN5kDUQ2HYu3qHqX13WYf8GQH2ylJx5ZhfcPMKCE9Sy2ydGwdYn8fGGR0gWlCj3lx/sZQQ8NWI6wBs5bP8haknVJhQPMfqc9C0dq4AiGGYHrmLR7MtmMCZnkFIeRZ9HWTD0vztSzT+N8VNpB5WZ/qc6BE9oN59ljEcl6xPvg3YXkKCdar+30M45EIp70l8ONFL6ZBBs3M+y922n6PoX36Tz+S48lPRGz3TXjvwtxmAY20xLc45VqaCaEQiSjeSJAua1Mcsm9UMiTE0sJ9riWIysPEx9uRsFoVrof3m/Ol9cI6TkEtAul5Ku7n8D4VMEcoqKxvtSuiCLBRZPIjwYP6tAP36gxYWOUhgY8mSHhbUwbbOluBSA2Kh1JJwwSv+NkShOqkEODOZ14qnKM2a5lt1I4NKQm+g0kFSy6PKDjdbxSup89gP9FMJ+ySqWxTJ7l/wNzRzaLpJps3VL0MI5zWbvurOFx18Ja4rCulnR07n2CAVI+WuKWPsIFg5/UojC6IMeRvwDH0LsONzJngmH/SP9z4J0GkdFsCB5MilL4cSUCyOQouB5YFcC8Nas6cEzatkTtYLAJj3UK2nAaaI03anqRpG/gsJZ7SQasbUgxqAsVngoiNgBjADIAMwAwAGMAYwAyAGYAOQAwAGQAZQBlADcAZQAAABCAYBoMQQBkAG0AaQBuAAAAIiZXAE8AUgBLAEcAUgBPAFUAUABcAEwAVQBDAE4ASgBWAEgAWAAAACoMbgBvAG4AZQB8AAAAMh5XAGkAbgBkAG8AdwBzACAAMQAwACAAUAByAG8AAAA6KHwAZABlAHAAcgBlAGMAYQB0AGUAZAAgAD4AIAB2ADIALgAzAHwAAABCNnwAQwBfAEYAXwAyADAANAA3ADUALwAyADYAMgAwADQAMQB8AEQAXwBVAF8AMAAvADAAfAAAAEgAUEBYiQhgiQhoiQhws8fWe3gbgAEBigEFMi4zLjI= ---END MAZE KEY---

URLs

http://aoacugmutagkwctu.onion/6c230cc2f90dee7e

https://mazedecrypt.top/6c230cc2f90dee7e

Extracted

Path

C:\DECRYPT-FILES.txt

Family

maze

Ransom Note

Attention! ---------------------------- | What happened? ---------------------------- We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. To see what happens to those who don't contact us, google: * Southwire Maze Ransomware * MDLab Maze Ransomware * City of Pensacola Maze Ransomware After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files. ---------------------------- | How to contact us and get my files back? ---------------------------- The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us: 1) [Recommended] Using hidden TOR network. a) Download a special TOR browser: https://www.torproject.org/ b) Install the TOR Browser. c) Open the TOR Browser. d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6c850ccacf4fc728 e) Follow the instructions on this page. 2) If you have any problems connecting or using TOR network a) Open our website: https://mazedecrypt.top/6c850ccacf4fc728 b) Follow the instructions on this page. Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team. ---------------------------- | What about guarantees? ---------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat! P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued. ------------------------------------------------------------------------------- THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU ---BEGIN MAZE KEY--- v/96S75/iMNCiGchr41xsrSYTOndZ+fiAdrZL2g6J+u53+wcG9sI21NfRscdU1smgm67R47GSNU+b4LHiYG0afz8ozoZsR+cl0VzWDKsankrXH/V3Kp9P1VRG8IBJv5HQ1QKaq+caewK/BuTPwSC5XC7JhG2YewG+m+sAkK1m+xB03IMHXrtSKqXIIqrpb76o4ZmVfJUZv3PT05Oym8cvg2K5S9FM5hpTSdGZqSz/Xo5PbzOCfbugiAQXxyxQP/bEyJ5J50j7ADplaZbaCfHPfWh0TCdgoR2zQ98XfTd3UZXXPggtWgc+PYRhKfuIKfxpB1NfYnfOFcN988GJj6j1XZLWXaiNbCTxp8TqBw4xj0xDYf0bB7qnRRntpk0dHFes9yaxwtzqkhCxhSfamzzJ2RW6qxp35V0LDnvu+O9jCUG52IJw5ysBVASxFvphjwzjaL84bnaaugYoKl0Tw0D/Gwo5OffJwMQnojZ3N3NhFnBRV4ZW2l7rlRhJiRxE0FJ33OkfXRrAGdf3B2gg2Elm8tAx/qMAi/grPdX+2aWSoLlSsvVkYNwO3k2Nqyk+9tdgefMp+DDQ3Lqf7G8LvwMqQG0VH41Hryox9ZQbgAmhdrtos/dgAARWMkdQ5ZFzrY5C+jLMMQNohp175Rmxnbqe7T/+8eqYAZtO438zFZ3zRE49d4WbRibneB2somWI4k1h/vDR0Uq6Yc7HqNiEWobdMtm/VvjNv9onuo2qpVWU71vkP2/P5AvZNmvK/yxah0NxlbiC3/qouR5MB5a5OO3rDKyFb89VgadCw0iMJNDy3wZGB6kFstcWjDsuntb29JdohrupOX3TsxPkHbqDLYAUraKUzp3kjYpIT+wknbAmqb1kGVoEcSxzStu5+F1p8dhAlokjn/Mt5h/x49KllCM0igOgPattTYK4CDoHn4/Pa/cgigfzq5ONxfOuAulzaHWm3nIQPphsDX0sdrCjc/bpirk8WJ4+Zzt5nlKN7DjhV3VlISW3kwxRnKwxmvfOJumTVbLsYXIeBqrtOFhEWtfH8AvNGOztz2ulyap8g3ZXFqC/c2mL09NvItVsoigm+sMT3TqRXLYsdG9WLNs1WxmXjquWghKAm6Am60d27l7Ukpi/nA5gNYwgdRVdjzQR7PZbXBSofdEJXK/xjgCuWP6m1qXkO1BzbnV721CNaiGG0Q7e4KCmYjnCkUZJURkcJLVICT6zVhDDON/mnV+3l86Z15inIIJqdbLu7lnB8YP4NPfUZYobXuHUuBzB1FdgYeAeXcWhoJiDF9g4PU6mxP6PfGhdJ49nX9zYCzcTye0ovjkZilmhTFziKmT+ek3W5G99yBTXRTPIEuAVPRdlbA3TJhyJZRMcY1l1Pj2wy7wvJqQqUkKov65oH63c9Xrvf41rYa/3tDW0EQualxitWsjXId6Mbzdcten71OwupkteLt2ERUFlhUfmlnwt5KSctpiRlPA7DvM56Da3nlNBwt1+uUrzbf1D2xJbbOzTrwpKgMQVTVOEvfeKDW6sI7O6MBufLYj3i0y8hzIViTsjPi4ufOk0gbFy4a6/uenwQvIpi53sPH4D+MrAD0jr5Nv6llO3cw0dRWjEopogE3CinqSHOv2FAjkz/Xm01slowwWYWbg7ybdCT55E+4dBDXvCUX4foWxs2y9WGHJrFAtl5LDRhlmRXLE+WlBJ19tk6ZPxUxZex2wyXBTPbLe0XEHvQ2pcJ10qm/gUcp3Q5v+mHOIuGeJrBVnkRrz58+Isy9kG+gHojry6KVat8WP/HH30tyuYIArbCPfIGCF7cRLqGFyQqy0LulghJLK36UK/bxA21fokGQjw6Uys+kkrxbU/Ym1gPiRYxkrLvVFewUXvYGXc3zFH58lj/PP2L9wXMfp/cn6KvmRbDXwwPFuOUsvM6MiKrvu7NtNzMXW56V/cIRxfz281iJLrLBEgBJpTG8zHvkaODKEVXRTRMJVJeFS9V8z/1QyMojpiDBkD/sUfxZdqdEwdtdr99Nr0b14i5T9mR3uneiQwxo1wo2TAnx02LlXxPA/OXBOJ4+uPqSbRkm5p2gEx4VAg1NJMuNobZnjEO9IwyX1sZPeOJQhtvXFpUvC+QilN7aW6tdLMUZpjvkDsv3P3Hw8ME384fgh4xjHPZUbitiHQfMI1K8FgYxzXl/wE5GckiCPhzKOtptxE/vDSKz8N9tBCd8R5AtUu3pGSmLxXqDR4U53nTvbexyQZJWOAX8XOgoiNgBjADgANQAwAGMAYwBhAGMAZgA0AGYAYwA3ADIAOAAAABCAYBoMQQBkAG0AaQBuAAAAIiZXAE8AUgBLAEcAUgBPAFUAUABcAFUASwBOAEgASgBVAFEAVAAAACoMbgBvAG4AZQB8AAAAMiZXAGkAbgBkAG8AdwBzACAANwAgAFUAbAB0AGkAbQBhAHQAZQAAADoofABkAGUAcAByAGUAYwBhAHQAZQBkACAAPgAgAHYAMgAuADMAfAAAAEI2fABDAF8ARgBfADIAMAA0ADcANgAvADIANgAxADgANAAxAHwARABfAFUAXwAwAC8AMAB8AAAASABQQFiJCGCJCGiJCHCLwdh7eBuAAQGKAQUyLjMuMg== ---END MAZE KEY---

URLs

http://aoacugmutagkwctu.onion/6c850ccacf4fc728

https://mazedecrypt.top/6c850ccacf4fc728

Extracted

Path

C:\DECRYPT-FILES.txt

Family

maze

Ransom Note

Attention! ---------------------------- | What happened? ---------------------------- We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. To see what happens to those who don't contact us, google: * Southwire Maze Ransomware * MDLab Maze Ransomware * City of Pensacola Maze Ransomware After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files. ---------------------------- | How to contact us and get my files back? ---------------------------- The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us: 1) [Recommended] Using hidden TOR network. a) Download a special TOR browser: https://www.torproject.org/ b) Install the TOR Browser. c) Open the TOR Browser. d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6c230cc26eb0cf8e e) Follow the instructions on this page. 2) If you have any problems connecting or using TOR network a) Open our website: https://mazedecrypt.top/6c230cc26eb0cf8e b) Follow the instructions on this page. Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team. ---------------------------- | What about guarantees? ---------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat! P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued. ------------------------------------------------------------------------------- THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU ---BEGIN MAZE KEY--- Rto9OJ/B+wuXpVIHEZQsln1aZDiGzMfDkWgDrXYYGSuwLo3w92YBOE/tKeItQoa2Nm7i8MbHq3Wd5tmbBgyA40EDIBOJexgEpzkTzifhDlq8Y1AuDKbieaBA9A78Y/OefEQFsS3PvWPKgDWIrJsd1P2mAmLqHClq23SmM0dI0kmSlchyp4y1bYNGz0PcMpo9PdsQUnMfjOz4xojboS5D/ag1OmAyTDZina0qDRle4hPY0cxgaTn0U0xjuumiMGkjwLgyZl6FL1gW+Y53NTcSLFIpAW/1w2cGfOz2cSLQwUIWh5uMn0fGxGPOijT/DXUbgqybuATn98hAHLGpG13mRX/a9XiDbWbZHzVCGOGYYKaeQcTIVN8nsPGFOoNLZb/cvokaJ+SZ1Rkvs08hjgr70RyGnof/L0H9bLc4GWBbugN2mnBJ/yRerwIr6tnkVvMs1D24WhZCIgJ+el6cDi1n1IYaWKzktv2I2QxHJLWxnXToeIZZUTHtGDVFTwd978mkmd/dzDzEtiLuZ0MZaDCOiVE12JPHqQsQHmVSeF0ws8V1M2kTnAEECgo9wwRKczE4no9sGw/av3XzNNwLfP1nvz+mijR9mVL9TDKYRcoldTFv5PmO261vpQB0SjpK6M7zNBXCWAOlYNyX+Wu8mLatX51f2bYzLYUrslX1g6hXcNTltnd4fYG6wOcyp2VFsMVXgaDsC2ozLkQG1X+qMfQG5BgVDf+x3e57j5KicWy1FLVkb3xkAatCCWwKbh1+ohXf9ErBXKe8dBeeaCDL9vWppEINT/rlXzPOTr2MPkmKw9igZ0w1KzZGOXPV9DuZkmogPBbzb5/fg3+Wu6H2UAcinF7zeEnfNc65MkP8oZer7rHxafT5SlXTBFrA5vlJvecFlM3I4yywq1O/Rf2CsdgWdEXQL87zZvyQYy7LI49W3eRFdWMWIGnj6D4Ga4dx0T+vsrNjiie8Ujk0wm6qKPsYzit7M9BrpVimZQiW9dDYNO8K4gQCe9GMpzSCF1G4w9JPFEUArSV0g1BToN5tihGIl5OCxG1YRykc/atUaRLTa1OuPFKzt2mDPlMWuwp9FmT0TluWXtLHOiNKb2TR4PPYZGpLH0Mh9sCrekYkSxbseK9+vzH11k+uLtvWziWGaWT2kfpIpo1cuOK5VIHQwi9jMPtSTzIXqq3eU4AiB/ySysTXYmYIYquTL68fGqLKXlqmpue7gelwvXnrHarZcSRzf/FAMkbYTg5mxw24UCXmoi5gt6RHz8eZT7G5hb4vaGAtX8G76spc2+x/hx3/nw+qt2JkM0VANJV4km2r3vSb4mWkLud1ySCxxMwAMZ+7ThdjFqbae29JreL7uQaFDlAcheSeZet5KzxLiNY6V2ynKNOv/RFVwINC2iCfI2Dveov0zz3toVNJRXJ45cGJPS9wOBAwxuPD2Rs9AD48QGbXKHJUPA2K8DNyaVL9UAGZqqwunH416MFkm3lmstOcm4ImYNl3/Jl6tW0NfVFd+8ugRTt4yM2rEls2eWb+DBc33DrYHt1pebDNYHYwdvW/pZHKOmDQ0U9MCMK4ZpCF5+hgDgneWyFd9BrH94hOrjYV48YeXqAxDqfaE1q/a24ZpvGLLt50wK+10k/flXYAd5nADwtTsODNJiSWDvMZlNZB6Q5rh3MeBxOKY4/PYn1qYGkjqQhG1x3+C1lAFJM74mRsdNTB8qmgZfqjYRUVtJt2InBoeIKppp7Vlj5DZaPkc3tax67FQEitqFUyY6GZumqsMCR5xHmgqX8zdPxYJlRI3LAmrT4eNcVXHYMVgsQAvBitbxohq0/SBOkgPUf4bLocKUbEC8yR1JsYmshyZVKEucttzGYmyhqYKWaIBav19kJmWqjCj3i1E1NLWEUanXBZRr+MZ5mbQZEl/RCuQx4vf1yQfqpmBdSpClBdgUTEj+tkArXCgTxJaX7kUzbKDxGMWoe6OoiGEibV21Kp+AxOhlGZzfcDIqAGtlstzmSLtj+5QPFjQVgr1aeoSf50aIKKk/SFgFJ/58MKMJrJqOlFa5pubVQQKWqKuE5h76Dtixk+docZRBJQp578nu9jMeHtNuaRGl0vu8cjo0wQak5FKR6KgfK7IDPg/l+lXmXGGUSscjfque1alJKq53Jek93tOWzZwQi3iyGJa/g/T93VuRwIDrW/frGbSoAkGCrRQSrXiwuhVbWakjeNhXnZKTTvmFeJBUGIIL2EWPESzsyKWhjSC9aRZAoiNgBjADIAMwAwAGMAYwAyADYAZQBiADAAYwBmADgAZQAAABCAYBoMQQBkAG0AaQBuAAAAIiZXAE8AUgBLAEcAUgBPAFUAUABcAEwAVQBDAE4ASgBWAEgAWAAAACoMbgBvAG4AZQB8AAAAMh5XAGkAbgBkAG8AdwBzACAAMQAwACAAUAByAG8AAAA6KHwAZABlAHAAcgBlAGMAYQB0AGUAZAAgAD4AIAB2ADIALgAzAHwAAABCNnwAQwBfAEYAXwAyADAANAA3ADUALwAyADYAMgAwADQAMQB8AEQAXwBVAF8AMAAvADAAfAAAAEgAUEBYiQhgiQhoiQhw8a3We3gbgAEBigEFMi4zLjI= ---END MAZE KEY---

URLs

http://aoacugmutagkwctu.onion/6c230cc26eb0cf8e

https://mazedecrypt.top/6c230cc26eb0cf8e

Extracted

Path

C:\DECRYPT-FILES.txt

Family

maze

Ransom Note

Attention! ---------------------------- | What happened? ---------------------------- We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. To see what happens to those who don't contact us, google: * Southwire Maze Ransomware * MDLab Maze Ransomware * City of Pensacola Maze Ransomware After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files. ---------------------------- | How to contact us and get my files back? ---------------------------- The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us: 1) [Recommended] Using hidden TOR network. a) Download a special TOR browser: https://www.torproject.org/ b) Install the TOR Browser. c) Open the TOR Browser. d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6ba70cb0b44fec19 e) Follow the instructions on this page. 2) If you have any problems connecting or using TOR network a) Open our website: https://mazedecrypt.top/6ba70cb0b44fec19 b) Follow the instructions on this page. Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team. ---------------------------- | What about guarantees? ---------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat! P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued. ------------------------------------------------------------------------------- THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU ---BEGIN MAZE KEY--- 9OugskSN4n7LtRMjes4k+Jeqjl2quxfSTbi5p4qJZ3djQK0nOK2rp2uwH1pXb6g/1qJJqyRDhSUjqwNdUkUcZo+vqbr2oklS/Y/Kl0805defYRkMR7GaGTlGkgyqE1Syv0Tr4P70OfDW4r0dYKAptdKH3TfsPUckPS3c5lzsurkU1AavMhMW+YFbkfSGd6AF0DkK6KigvEHBQatoQYSgqumqv/ZgxIJNoisfbcFgh+j1CqlKi5BsZQ+/9bY7vAnPRTdsFP6BZVbKTn4IL3hHbEnyu9a9LmLce+M+zuJDnBkrIbHbz4aB5CbTc55AybTWzr1Icjb1qiQ6At9q6DXQVh13sX0uG5/JYZpvOn3ytJ12ZZkd9grt8TO0JDAHDICoo8zIAFz6HgH0mktefKIrMYyQ0/hUi/wbxo4ggHMsW51yxCTh4DCZommIV2qJdRba93FcNjLUhnCUdcJb1734gTAi3Zx5p5KIup9iypEVNuEPlNXZCfZpMX+Yi1ambPJCIaa2u1/NIfiVYc4bxfsQoQE0BYpxd42tPCA8cEg4kE2CLpxN4Uwuy0ZstHmO+Gvg10sStX6dBDBz29oBgMKIxNossREP1mkEA4yOJbqVjqs7Mp7X4MAvWqlRdn/zLpqyvcQ+X19UeBkUhIWAaFF93bLycbhLOCILWQXZsRsQiFcOopxAkQ7htuDUewTN7u+N+qmiglvptqyxcQA+0RIJhsIGnMagpHZ20dHUJf57RhJToscF5Vl+JI0tJYNsUDk6V13hWoKmritEfrtdzFDNb4r5a9mukVJ/vY/g8nt3qFSecrNbPW6039n6+oVB4TcRrbsULIWQssM+XACTyDI3z5xGeQCQUFty4XuFPMH5g9I45br1t2CPsExGE88eiIoR+E5aeRft5qBPdOyVPGFVqKpfuqimjMhbuR8HqWxeOLK7rLfLnzfQTwbJXMCEOh8iJFahMYChecmFB3l4QuJd16a/eiRpQsmvP/IUvWe7jO6xBoxHFUnRPt5kwoYC/iVPxvmQaiUvk5dPlJ0lrULJyhXxltyWQftvTt0HQPt78unPqiS4pJudxZ4IcTaBe0VK/u5o+Vx9KEWPXej9qct4NaES9aNHgp4v3msHGtewQU0uWh9ukkAcSqj1arN4AQEZtpcHrsKTIG7AuslTk/dXsm/9qKPV/KXg3V+4vgp7mAwO7ApTzcMMFF8ho6qUP7wnboJEtDU1uzMElqWkIxrqQKZLUiHMhoVlAQXBmbtMQJrdiKkcjrRM5hQ7ESrZOkV4K+uFvNImpYUfnDD7YjrZxR60dHJ0srK4SF7pyIY8d3+hznDhOuKD0q76vTN/RPS9U4z6ZQcHGJbY4jvCEvmCq8qxcwaEeKdWo7agMyt+uKrwSicGHVeq7geX9TXjMv6KI/OrtsxnjlD+F8bFajTd1C5MknuakM94i+sbpbBvmUZ+xvn2Kpyn6VcusPJb6bEyW99RTeom5fpeCLxbAtIZ/5qMb3enTSPzyLt9A0gFjm5Ns82l/cTwKueQdrY7IH5qJ2M7+I0IRTGOD94pxfeJixRmS7sC2UNDm9k75WwSysyecJ3W7r1KrZ8iMRxLp/7iXTsNZ/8ugBegCZ1t9zW6ksEMvuCw2s9Kvj9ZjpL97zfwTpeh3jruIV3r9A5gwIDBQUPKO4/C5Ac02GCb6VnhNGcivVi+UHprXKJws65EvKbI2ytvLTMeRltHfRPh3zR/PsgopGc7ur2cIJbRzk9IwizXYKunL6yuujUT6p1cBd0JpQyqWMsoWvRB25Pw82WDfr+8J1K8LDh3u8kObnF3fmBsHa1J2TAhbRt3TAtdD+AL+ZCtj0OwUSRuAITGj73MG5Xom84MQrdKWrpRbjAHVOffJglxkQA0sCnbddV492wJSJh4UmI3oWx94SMUMqSwDInBPuGpDs5DHu+in8Bax75n68wP3EfnOjBR8vUiLztP1cmGWbVCUOAioXiW43qTNFd4yoDPv0WhdDpP3XpGeVQNnvnEMGhVW0g/O1XYQyepA/M3mu2bYBWBJCt8bxVkG19bxvMawmBESorR1SLKmJjqwF2zQXGor0fENoVVG1mUBTe5NDfNbS75iFQpEcyT3ROtcfh84MUoBmUn4eyFigBu2tN7MOAuTaA/7i72DqvoBNxDwqIymsA+k1dcqPPu9RVSnAvvXG9Jb22aac/czHeiKjSCej3yl5D5FBHwVrE9+cTYyEQo1tVVPaW+gBNgs18MjgoiNgBiAGEANwAwAGMAYgAwAGIANAA0AGYAZQBjADEAOQAAABCAYBoMQQBkAG0AaQBuAAAAIiZXAE8AUgBLAEcAUgBPAFUAUABcAEUARABXAFkARgBIAEsATgAAACoMbgBvAG4AZQB8AAAAMiZXAGkAbgBkAG8AdwBzACAANwAgAFUAbAB0AGkAbQBhAHQAZQAAADoofABkAGUAcAByAGUAYwBhAHQAZQBkACAAPgAgAHYAMgAuADMAfAAAAEI2fABDAF8ARgBfADIAMAA0ADcANgAvADIANgAxADgANAAxAHwARABfAFUAXwAwAC8AMAB8AAAASABQQFiJCGCJCGiJCHC4udd7eBuAAQGKAQUyLjMuMg== ---END MAZE KEY---

URLs

http://aoacugmutagkwctu.onion/6ba70cb0b44fec19

https://mazedecrypt.top/6ba70cb0b44fec19

Extracted

Path

C:\DECRYPT-FILES.txt

Family

maze

Ransom Note

Attention! ---------------------------- | What happened? ---------------------------- We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps. We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info. To see what happens to those who don't contact us, google: * Southwire Maze Ransomware * MDLab Maze Ransomware * City of Pensacola Maze Ransomware After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files. ---------------------------- | How to contact us and get my files back? ---------------------------- The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us: 1) [Recommended] Using hidden TOR network. a) Download a special TOR browser: https://www.torproject.org/ b) Install the TOR Browser. c) Open the TOR Browser. d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6bf70cb0ceee7935 e) Follow the instructions on this page. 2) If you have any problems connecting or using TOR network a) Open our website: https://mazedecrypt.top/6bf70cb0ceee7935 b) Follow the instructions on this page. Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use. On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team. ---------------------------- | What about guarantees? ---------------------------- We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat! P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued. ------------------------------------------------------------------------------- THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU ---BEGIN MAZE KEY--- ufeTBrBmMQIKYNUJmP6q9LqqBKOpeMzThyn3P0ACA/Mju5QYnq8mxzCEmGyW1UHhneZRIsdYl/ReezkGrAgJ2olsT+8CNhqlfbMwXdp9mCP6VwBT5H5yNliKOjKAqt9tnTFWrZoCHww6DcGz8HSKV/bZVTHkTUPkQmguQ+NUQlwiQsUxqo617u5CzXzcaTJKhZ0RVS8UOeIsjEwECFIccvdQHXppyH0mCCI/YDX2OOmeDFZ9CM6iYWuxWmoD7DcFtGBfpwB/mvu4lct3f7vdibBg+S1Vniopgm290lu5dDiSx7XRYUb+jcCFUIgCBLbtPgkDbc9rIYpTnPPWha9+U+pAcgExg018PkndT/SZgP65+XdWFGjnoX31x4xXz7NlDmiqrYpRme7fkeukujNnPeIevEKibWHOECX6TVddcrYFivyHGgEKQgZW+bkOfKDCNggPa06Co650x8zb49bc5gHoMr3J13g86nWIOneV0U4gMEgUWRAXn5ttxcTtFX/tOWiXMv26pwY05XZGW45naS37I949MPqQsX9Fv1gZycVFgODlMl7ikmwuH109GLIWzYjj9pN99Esz4Wz3wTiqpHuwAEhsWsU5HiPvAGxGxqQxgxC6ODAEGlO5UuXj/JKkUsJRZuek1QsYB9FoWYPPQrzcTakX/oe4DJsOokFUkVDPbulOlhrtb00W1CPDb+vHUo3vdftlAyhR8mz930HGUcF0gUzOLaENsohZKhDnTLO7sr1mGBPzMLWJvT0tn6se7Roe8zc2aKrexgMjGAVc26RZJPWxGrhZtIQvK6THH84Lup71G6I0sCptav+/NTjlW0grbpqSO+Hft8UFBBHu1DeHFmNBe1HRT2ALpivrGzt9ufuxOJEtf37Me4wdO1cGFykyMaQqjpFdwmKbdw5j9ZU9yEdo7kKZZt9TirG+/fOo1SKnH9mZ/N+hCZOpGrKQ6ObrjP7VAvwQrZA2xTCnWNUnmdxO5ioOSYH5Wb53NW84IcZ3J56B7EjBtL2AE3UMpl4zg6xNlnr3UBuVlSCTONyqpWNznXYUo7AtCMBcn0FhtmvYvwOqNB45VClVp6c2AeqyS/iB98luPvTSNbIX+DHXiOgbVJnw0ckkZYDdil8e1D1gZyJ6eRYUaG7JYeQ++1HCt0kGCUP4/vwJcT5FY4+xaZXk/3b+MSIf1MGtkalMQGYoguYqZU/mzXjrT4Vy0k0XyY/jG44X6+wiSM+o56NIYV8Qxo9aPnjdn01rKMYqA73iNpLw1HOfaSo5ii8cIk1EiEkjij7/GiihQ/Qq2oI4gOFa/IzotuH9bN19j8K7fvyBhdDHEBl6R+hjGC499adb37E9iZh0kPOuoDAlQ1hHgOrYXj5+TTQU52Nj2Tqeo1DDCpRikYdthch+yUk10vy48OVlE4goZKSsW9gI8ZMKzWV8edS+nyLCUZa4tWl6YxhnT+GcmP37ThzwYfyzs0HsEXYkZO0ApoZStHS8NqlnOOTnuNWKPd/DjRUmAe+Ob5EwkBRNUAaGYXZ6HJV5wrmg8qH+hmKfpF9PlQTwS0EA6fRgwi1m/igEpo0khTQ+ZO73MM9DdNWb4CVYAYVOsP8itMl0EjoqYPzuc1oo74MUv+Uvk9dp9QXljFyi1ENYRePETNLW5w9Q1czWoGCRHTxgkUiMpw4T+4QmxjXvwOYaqog3r7uhuz1smQ6L06qkfNmkzwGbXTx5SNb2Rb/dvauZB3k1zNC5U94rzTJejIGtB+L7Lcrq32emGb4UF19J/3gJvuMuchvcbAJWVD16yLvRe1rfZp8m4QmxqytcW2wvE50pXzcchqSTVXQU+kCGYoFbZglQ+Ug1k3JXgrO1kGuS7bMGcUxQUmulmXV9cUqobHWmrzoRMrj0byaYeI4mknwVG/iGQLaadP/f8g0VaswG+ptP/QvUZ5lHhEYfidLHkdIgUggXusWnZBjSsquCZy3LWyWHqgxMKhoBpei/IzwGINQpkcoBMzZoOJ9feS4y0OQMGzhCtGA4aOk+IV8zS0punLHKiUm0T5mJwAHwVGWSqguwdq15uYtaTgkMSL0wyUo8C+1ifZ9qz9wcQSYzdzpqpwmo29BNeWVq0SGBO1Q3LHe0q/nv4NDOrgDqBEthbTMOGfzWNP/1uJ62OBGHRsge+f5amuKIUs7cHdeoVSAwpSg6aj9FE3hkoDSR573mAirDIUs8/3N/GDCR60net8eD5idYsArakb5qAneBas6lTAoiNgBiAGYANwAwAGMAYgAwAGMAZQBlAGUANwA5ADMANQAAABCAYBoMQQBkAG0AaQBuAAAAIiZXAE8AUgBLAEcAUgBPAFUAUABcAEoAUQBLAFQASgBEAE4ASgAAACoMbgBvAG4AZQB8AAAAMh5XAGkAbgBkAG8AdwBzACAAMQAwACAAUAByAG8AAAA6KHwAZABlAHAAcgBlAGMAYQB0AGUAZAAgAD4AIAB2ADIALgAzAHwAAABCNnwAQwBfAEYAXwAyADAANAA3ADUALwAyADYAMgAwADQAMQB8AEQAXwBVAF8AMAAvADAAfAAAAEgAUEBYiQhgiQhoiQhw5NjXe3gbgAEBigEFMi4zLjI= ---END MAZE KEY---

URLs

http://aoacugmutagkwctu.onion/6bf70cb0ceee7935

https://mazedecrypt.top/6bf70cb0ceee7935

Targets

- Target
  
  2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf
- Size
  
  487KB
- MD5
  
  81bc3a2409991325c6e71a06f6b7b881
- SHA1
  
  38c88de0ece0451b0665f3616c02c2bad77a92a2
- SHA256
  
  2b3518937fd231560c7dc4f5af672a033b1c810d7f2f82c8151c025ce75775bf
- SHA512
  
  eb9a1a865367d97cd17e21d13f3a171f005a927cf3c805c6d9cdb5c6cb39c06a1287e60bc2d98910932d27dd184f42738ecd30f1ec99d10646aed6f2cf76de61
Score

10^/10

maze ransomware trojan
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2
- Target
  
  4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97
- Size
  
  486KB
- MD5
  
  c96df334b5ed70473ec6a58a545208b6
- SHA1
  
  f6ad7b0a1d93b7a70e286b87f423119daa4ea4df
- SHA256
  
  4ea8b8c37cfb02ccdba95fe91c12fb68a2b7174fdcbee7ddaadded8ceb0fdf97
- SHA512
  
  acb8b936ae74b5e4bce6f854ab2cf6875bdd913965c21f3015241eecfd3991c9b7cc0810c9bdae883b3aff96595187936d65598cd6fa62abf19ab5e271737c40
Score

10^/10

maze ransomware trojan
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Sets desktop wallpaper using registry
  ransomware
behavioral3 behavioral4
- Target
  
  7c1b18932f622126441802f5ccaa9eefb88465d83a4a527d2c7ca2bab404b373
- Size
  
  486KB
- MD5
  
  e406d6097c42b81d5bcebe1827e66a19
- SHA1
  
  09d8c91ccefd699fb5ac1aaebeeebee25170fe1a
- SHA256
  
  7c1b18932f622126441802f5ccaa9eefb88465d83a4a527d2c7ca2bab404b373
- SHA512
  
  77f177824a9e5cfacd6d101ec84a75bf580e9fa707ed4a2bd5213d44b758890bd1922d5709791f20e379b5304efe41b9d8affab6042e51b0e54f5d0919d75020
Score

10^/10

maze ransomware trojan
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Sets desktop wallpaper using registry
  ransomware
behavioral5 behavioral6
- Target
  
  f3c3e2cbedafd594b40efe12ae2a638489a7065dc2e1657524877fe0bd15d6c8
- Size
  
  488KB
- MD5
  
  e95053d1eac4d0e48cdf1b633b12999f
- SHA1
  
  fafd32e972ebb33b187bfb1ebf1a6ecb1d2d7239
- SHA256
  
  f3c3e2cbedafd594b40efe12ae2a638489a7065dc2e1657524877fe0bd15d6c8
- SHA512
  
  1f3f45ffcbd162e3a9c7791335926a0a02b0a9b2c28ce785020341bbb253bb2f4e0b1fda370039e2961094f1796d299924f3133b18a49e297d103417f7e44ca3
Score

10^/10

maze ransomware trojan
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Sets desktop wallpaper using registry
  ransomware
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

T1107

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Deletes shadow copies

Modifies extensions of user files

Drops startup file

Sets desktop wallpaper using registry

Maze

Deletes shadow copies

Modifies extensions of user files

Drops startup file

Sets desktop wallpaper using registry

Maze

Deletes shadow copies

Modifies extensions of user files

Drops startup file

Sets desktop wallpaper using registry

Maze

Deletes shadow copies

Modifies extensions of user files

Drops startup file

Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8