General
-
Target
2023-04-14_c525eb716420dc915fe574b8a3973143_wannacry
-
Size
353KB
-
Sample
230415-ddsskscg75
-
MD5
c525eb716420dc915fe574b8a3973143
-
SHA1
b272f9a63aed4c5ab06e887d3ceb9854f52fa1d7
-
SHA256
083c5b43df8bee2a6235c3f5038cc9860b4a4bfd1675d367a67fcfff93ccfcfb
-
SHA512
24ba34d78e5c295c740e2ec9d0c27c90a25dcad5f330c72929c9e98a64f36f8ab6763c7f9929bc72a31d9b52d11ab17882a3841a75b77b904f4aeb90c768177d
-
SSDEEP
6144:G1/ZVevGFi0Xx6HQpNnCnoed+wBlO18eDKO3wexcXQVkcoHnqyk:WeUjNHCFkw3OCMpxcXiPoKN
Score
10/10
Malware Config
Extracted
Path
C:\Users\Help_me_for_Decrypt.hta
Ransom Note
<html><head> <title>HARDBIT2.0 </title> <HTA:APPLICATION ICON='msiexec.exe' WINDOWSTATE="maximize" SINGLEINSTANCE='yes' SysMenu="no" contextmenu="no" scroll="yes"/> <meta http-equiv="x-ua-compatible" content="IE=9"/> </head><style type="text/css"> body{background-color: #000000; font-family: Arial, Helvetica, sans-serif;}.header{text-align: center;}#t{color: #FF0000; font-weight: bold; font-size: 1.51vw; margin-bottom: 0;}p{font-size: 1vw; color: white; margin-bottom: 0;}.t{text-align: left; margin-left: 2px;}.pt{color: white; font-weight: bold; text-indent: 10px; height: 30px; line-height: 30px; padding-top: 10px; font-size: 1.1vw;}.b{padding: 2px; outline: none;}ul{font-size: 1vw;}.m{background: rgb(189, 54, 54); padding: 1px 5px; font-weight: bold;}#tm{color: red; border-bottom: 0; font-size: 2vw;}</style><body> <div class="header"> <img src="data:image/png;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAMCAgICAgMCAgIDAwMDB
AYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/2wBDAQMDA
wQDBAgEBAgQCwkLEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE
BAQEBD/wAARCACWAJYDAREAAhEBAxEB/8QAHgABAAEEAwEBAAAAAAAAAAAAAAgEBgcJAQMFAgr/x
ABSEAABAwIDAwUFEwoDCQAAAAABAAIDBAUGBxESITEICUFRYRM4cXXRFBUXGSIyQlJUVXKBkZOUo
bG00iNTV4KSlbXB09QYM+EkJUNiY3N0g8L/xAAdAQEAAQQDAQAAAAAAAAAAAAAABwQFBggBAgMJ/
8QARhEAAgECAwMGCQgJAwUAAAAAAAECAwQFBhEhMUEHElFhcZETFiJSgZKhsdEUMkJUcpPB0ggXG
CNTYtPh8EOCgxUkY6Lx/9oADAMBAAIRAxEAPwDVUgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAg
CAIAgCAIAgCAIAgCAIAgCAIAgCAIAgO2kpamuqoqKip5aione2KKKJhe+R7jo1rWjeSSQABxJQG1
rk28zZh6qwtQ4m5SWJ7uy8VsTZzh6yTRwx0QcNRHPUOa8ySAH1QjDWtOoDn8UBkrM/mreQ3hTCdZ
iPE2K8RYGttGzWW6z4jiZDEejaNTG5pJO4NG8ncN6A1q51ZM8mTCtXU+g7ys7fixsbyG0lfhi40j
x2NqGRPik+FowIDAUrBHI6MSNeGkjaadx7QgPlAEAQBAEAQBAEAQBAEAQBAEBJ/m1ME2zHPLOy9o
rxCyaltdRVXoxvGoMtLTSSwn4pWxu/VQH6CBuHgQGkLnec4sV4u5TFTlVUXCePDuBqKjbS0LXkRP
q6inZPLUub0v2ZWRgng1m7TadqBBqnpqqsmbBSwSzyv9ayNpc4+ADeuk6kKcedN6LrKi2tK97VVG
2g5ze5RTbfYlqy6KDKnHlwAeywSQMI12qh7YvqcdfqVorZgw6jsdTV9Wr92wkTDuR/OWJJSjZOEX
xm4w9kmpew9eLIvGkg1dNbI+x1QT9jSqOWbLBblJ+j+5k1L9H3NlRaynRj2zf4QZ3tyExYQNbnaQ
f8AuSfgXm83WfmS7l8Ssj+jtmV77ih60/6Z9DIHFh4XS0/OSfgXHjhZeZLuXxO/7OeZXuuKHrT/A
KZz6AGLffO0/OSfgXHjhZeZLuXxH7OWZvrFD1p/0zg5AYt6LnafnJPwJ44WXmS7l8R+zlmb6xQ9a
f8ATOuTITGTfW1tqf4Jnj7WLus3WL3xl3L4nhU/R2zVD5tWg/8AfP8AGmedW5MY9o2l7LZDUgce4
VDCfkOhKqaWZsOqPRza7U/7ljv+Q3OdlFzhbxqJeZOLfc3FvuLRuNquVoqDS3SgqKSYewmjLD4Rr
xV6o3FK4jz6UlJdT1IyxPCL/Bq3yfEKMqU+iUXF+3eutFKvYtwQBAEAQBATC5p7v1MK+Lbv9ykQG
+U8EBoX5yKyS4j5f2N7JDIGOq5LSwvO/Zb52UxcdOnQAlUl9dRsredxLbzV/wDPaX/K2A1Mz4zb4
RSlzXVklr0LfJ9eiTenE87D2GLJhejbR2WiZCNAHyEaySHrc7ifs6goovL64v5+Ery16uC7EfQTL
WVMJylaq1wqioLjLfOXXKW9vq3Lgkj1FSGRHxPUQUzdqpnjhHXI8N+1cxhKb0gtew8a9zRtVzq81
BfzNL3tFJ5+2MbjeqD6VH5V7fJLj+HLufwLa8w4Qtju6X3kPzAX+yDhe6D6VH5U+SXD/wBOXc/gc
rMWELdd0vvIfmO1uIrFp6q92/X/AMqPyro7K44U5dz+B7xzNg+nlXdL7yH5jsZe7NINpl2o3DrFQ
w/zXV2tdb4PuZUQx7Cqi1hc02uqcfid8VdRzHSGrhfr7WQH7CvOVKcfnJ9xV0r+1rvSlUjLskn7m
dy8yqKO7Wa1X2kdQ3eghqoHcWSN107QeIPaN6qLe6rWk/CUZOL6v82lqxjA8OzBbOzxOjGrTfCS1
9Ke9PrTTXSR7zNy3lwXVMrqBz5rVVOLY3O3uhfx2HHp3akHp0PVvkrAsbWKQdOpsqR39a6V+KNIu
VbkvqZFuY3dm3OzqPSLe+Et/Mk+Oq1cXxSae1auxVkJD4QBAEAQEwuae79TCviy7/cpEBvlPBAaG
ecdvRw7zgWNb0GlwpJbQ97RxLPO2mDgO3QlUd/a/LbadDzl7eHtMjyjjryzjlriyWqpTTa6Y7pLt
cW9DrpKqmrqWKto5mywTsEkb2nc5pGoKiCpTlSm6c1o1sZ9GrO7oX9vC7tZKVOaUotbmmtUzEWam
aF0orpNhrDlQaYU3qKmpZ/mOfpvY0+xA6SN+vVpvzTAMBo1aKu7pa67lw06X069xrHyu8rWI2GIV
MAwKfg1T2VKi+c5abYxf0VHc2vKb1SaS24kqKqprJTPV1Es0juL5Hlzj8ZWaQpwprmwWi6thrNc3
dxe1HWuZucnvcm2+96s6tV3PDUaoNRqg1GqDUAkHUHQpoE2nqi48N5gYpwxUMkobpLJA0jappnF8
Th1aHh4RoVa77B7O/i1Ugk+lbH/AJ2mdZX5R8xZTrxnZ3EpU1vpzblBro0b2dsdH1klMM3+lxPY6
S+UbS2OqZtFhOpY4HRzT4CCFFd9ZzsLiVvPevauD7jffKuYrfNeD0MXtVpGotdOMWnpKL7JJrXjv
4lFj60RXvB91oZGgu8zPlj3cHsG036x9aqMHuHa31OoulJ9j2MtXKLg1PHcr3tpNavwcpR+1Bc6P
tWnY2RVKmA+cTCAIAgCAmFzT3fqYV8WXf7lIgN8p4IDQJzo3fw5ieC1fw2mQGHsqMyvOCVmHb5N/
u2V/wCRlcd1M8np/wCQnj1Hf1rFcw4H8si7q3XlrevOXxXt3dBPvI9ypeLlSOBYvP8A7Wb8iT/0p
N8f5JPf5r8rc5Fq5hUstHja9RS6kurJJQT0tedpp+RwV3waoqlhScfNS7tj9xHPKTaVLLNuIU6m9
1ZSXZN8+L9Kki3lczCAgCAIAgCAICRWR4kGBYy/XQ1UxZ4NR/PVRjmrT/qD06Ebz8gSmsnxc9zqV
NOzVfjqXhiKojpLBcqqUgMipJnuJ6gwqyWUHUuacFvcl7yUMzXMLPBbu4qPyY0qjfogyIpU0nzJY
Q4CAIAgJhc0936mFfFl3+5SIDfKeCA0Cc6P38OYnwbV/DaZARTQFTW3GquAg81yd0dTwtgY8+u2G
+tBPToNw7AB0LypUYUdeYtNXr6Xv7/eV9/idziXg/lMuc6cVBPjzY/NTfHmrYuiKS3JFMvUoAgCA
IAgCAr7HYrriK4R2y0Uj555DwA3NHtnHoA6yqa6u6NlSdWtLRL/ADZ0svWAZexHM19DD8MpOdSXR
uS6ZPdGK4t+8lNhWww4Yw/RWOFweKWPZe8DTbeTq53xuJURYhdyv7mdxL6T9nD2H0Uyhl2llTBLf
CKT18HHRvpk3rJ+mTbXUWFndjSCgtRwnRTB1XWgGp2T/lQ666HqLtBu6tesLIsq4XKtW+WVF5Md3
W/7e8hnl7z3Rw7Dnlq0lrWraOpp9Cnrro+hz2bPN1b3rXA6kQ03CAIAgCAmFzT3fqYV8WXf7lIgN
8yAi1nNzcHJvz3zJvGauPabE0l8vhgNU6lvBhi/JQshYGs2DsjYjb08dT0oCyvSg+SB7hxh+/j/A
E0A9KD5IHuHGH7+P9NAPSg+SB7hxh+/j/TQGuvOPkzZY4JzWxbhCxw3Rtvs15q6GmEtYXvEUcha3
adpvOg4qPcQzJfW11Uowa0i2ls6zcPKHIplfGcBs8RulU8JVpwlLSei1lFN6LTYWd6B2Bvzdd9J/
wBFR+NWIdMe4yP9QOT/ADav3n9h6B2Bvzdd9J/0TxqxDpj3D9QOT/Nq/ef2PoZH4EHGnrT4ak+Rc
eNWIdK7juuQPJy3wqP/AJH8Cop8mcv4HBzrTLNp0SVMhHyAhec8zYlJaKaXYkVttyHZKt5KUrZz+
1Un+DRddqstpslP5ltFup6SLiWwxhu0es9Z7SrPcXVa6lz60nJ9bJHwjAsNwCh8mwyhGlDojFLXr
fFvrerPEx1W43pqAx4MtUNRK9p253St24/gxu0Dj2k/EVX4TSw+dTW+m0ujR6Pta3f5tMS5QL7N1
rZOnlW2jUm1tm5R50fswlopPim20vNZGi8Q3eG4zi+RVTK1zi+XzS1wkJPSdd5161KttKjKkvk7T
jw03ew0ExuhidC+qLGIzjXbbl4RNSbfF87a9eniUa9y1BAEAQBATC5p7v1MK+LLv9ykQG+U7t6Ah
pn5zpGSnJ6zZv2T+K8C43uF1w+6nbUVFugpHU7+6wRzN2DJO125srQdWjeD4UBj707Dk5fozzJ+j
UH9ygHp2HJy/RnmT9GoP7lAPTsOTl+jPMn6NQf3KAgVmxyrsDY9zMxRjW1WC/QUd8u1TXwRVEcIl
YySQuAcGyEa6HfoSO1YJfZWurq5qVozjpJt8ePoNrsq8vWBYFglphle3rOdKnCDaUNG4pJ6azT07
Ui0/wDEDhX3ou37EX41S+J1558fb8C//tH5c+q1+6n+cf4gcK+9F2/Yi/GnideefH2/AftH5c+q1
+6n+c+hn/hPptl2+bj/ABrjxPvfPj3v4HdfpHZa429f1af9Q+mZ/YQJ0dbrsP8A1Rn/AO11eT73h
KPe/gd4fpGZYk/KoV1/th/UK+jztwJVPDJaqrpdemamOg/Z1VPUytiNNapKXY/joXiy5esnXclGp
UnS14zpvT/1ci8rZd7XeqUVlqr4KuE7tuJ4cAeo9R7CrHXtq1rPmVouL6yVMKxrD8dt1dYbWjVpv
jFprsfQ+p6Mo8S4UsmLKE0N5o2yDQ9zlbukiPW13R4OB6QV72OIXGHVPCUJadK4PtX+Mteacn4Rn
GzdnitJSX0ZLZOD6Yy3rs2p7mmiNeNsHV+C7y+2VZ7rC8bdPOBoJWdfYRwI6D2EFSnheJU8UoKrD
Y+K6H/m5mhOfMk3uRcVlh9z5UHthPTRTj09UlulHg+lNN+ArkYUEAQBATC5p7v1MK+LLv8AcpEBv
lPAoDQBzoEPceXDmR6rXbda38OGtsptyAiugCAaHig0CAIAgCAIAgPVw3ia74VuTLlaKl0bwQJGE
+olb7V46R9Y4jQqjvbGhiFJ0q61XtXWjJMr5rxPKF/G/wAMqOMlvX0ZrzZLin3remntJS4fvVPiG
y0d6pWlsdXEJA0nUtPAtPaCCPiURXlrKyrzoT3xen9/SfRPLeOUMy4Tb4tbLSNWKlp0Pc4vri00+
wtfOHD0V7wbU1QjBqLZ/tUTunZHrx4C3U+FoV2y1eO1vow18mex/h7feR5y25ap49lWtcJfvbb95
F9S+euxx1fbFEbVKZoWEAQBATC5p7v1MK+LLv8AcpEBvlPBAaBOdH7+HMT4Nq/htMgIpoC7MH4Aq
8RQS3q4zed9jpGukqKx49c1vERj2R6NeA7TuVmxLGIWUlQpLnVZbFHt6ej/ADtJKyVyc3WZqM8Wv
5+AsKScp1Wt6jvVNfSfDXcn0vSL8S+3OmuNZpbqMUlBAO500A3lrPbOPsnu4k/FwACr7ShOjD97L
nTe99fV0JcF+OpieYMUt8SutLGl4K3hspw4qPTJ/SnLfOT47FpFRS85VRYQgCAIAgCAICRmSEr5M
CQscd0VTMxvg2tftJUYZqio4i2uKRvVyCVpVcnU4S3RqVEuzXX3tl34gjZNYrjE/wBa+kma7wFhV
ks243FOS4SXvJPzHTjWwe7pz3OlUT7HBkRCpqPmOwhwEAQEwuae79TCviy7/cpEBvlPBAaBOdG7+
HMTwWr+G0yAw/lblW7EZZf8QRuZbGnWGHeDUkdJ6mfasUx/MCstba2f7zi/N/v7jYDkk5InmZxxr
G4tWifkx3Orpx6VDhqtsty0W0ubPa7C02C3YZt7GwQ1bi57I27LRFFpssAG4DaIP6qtWU7f5Rc1L
uptcenpe993vM+/SDxlYPgtpgFklCFVttRWiUKenNjotiXOaen8qMGqQDUEIAgCAIAgCAICUOWVj
nw/gu30VXGWVD2unlaeLXPO0Ae0DQKJMdu43l/OpB7FsXo2e8+hvJTgFbLmVLW0uVpUknOS4pzfO
SfWlon1lVj25x2jBt3rXuAIpXxs19u8bDfrcF44RQdzfUqa6U/Qtr9xcuUXFYYNla/u5vT93KK+1
NcyPtkiKhUwnzgCAIAgJhc0936mFfFl3+5SIDfKeCA0Qc4hYo8S84VjOyzEiKoktRl0Oh7m2107n
AdpAI+NW/FLt2NnUrx3pbO17EZdkPL8M05jtMJqvyKkvK+zFOUkutpNLtOIIYqaGOngjbHFE0MYx
o0DWgaAAdQCh6cpTk5SerZ9H7ehTtaUaFGKjCKSSWxJJaJJdCWxFj5rYAqcaW6nntj2CvoC4xsed
GysdptN16DqAQTu49eoyDL2MQwurKNb5ktNeprj8SIuWDk5uM9WNKth7SuKHO5qb0U4y01jrweqT
i3s3p6a6rA9xwhii0yGK4WCuhLfZGBxafA4ag/EVIlHEbS4WtKpF+le7eabYnkvMODzdO9sqsNOP
Mk16JJOL9DPPNDWjcaSb5t3kVT4an5y7yxvD7tb6UvVfwOPMNZ7km+bPkTwsOld4+QXX8KXqv4Dz
DWe5Jvmz5E8LDpXePkF1/Cl6r+A8w1nuSb5s+RPCw6V3j5Bdfwpeq/gd8dkvMx0htNa8n2tO8/yX
SV1Qj86aXpRV0sBxWu9KVtUl2Qk/wAD1rdlzje6Oa2mw1WtDvZTR9xb8r9FRVsasKC1lVXoevu1M
lwzkxzdi0lGhYVFrxnHmLvnzTKmAclobLUxXjE00VVVREPipo98UbuhzifXEdWmg7ViGL5oldQdC
0TjF72977Oj39hsZydchVLAriGKZglGrVjtjTjthF8HJvTnNcFoop7fK2aZTWHmxe4wdnjjaKvqG
YStswdFSSd0rHNO4yjgz9XU69pHUpByrhbowd7VW2WyPZ0+nh1dpqFy+58p4jXjlqwlrCk+dVa3O
a2KH+zVuX8zS3xZiZZka1BAEAQEwuae79TCvi27/cpEBvlPBAaFOcovVXh3l845vVFs92pH2l7Q7
g4edlMC09hBI+NU15awvaEqFTdJF6y7jtzlrFaGLWmnPpS1Se58Gn1STafUzwsK5l4WxTDGIa9lJ
VuA2qWocGPB6mk7njwfIFF2IYFeWEnzo86PStq9PR6TfDKPKplzNtKKpVlSrPfTm1GWvRFvZNdDj
t03pbi69VZySNUNyDYNFwNBogGiAaIBouRoNyDYUlyu1ss9Mau6V8FJC32czw0eAa8T2Be1C2q3M
uZRi5PqLbimM4fglB3OI1o0oLjJpL0a731LVmH8eZ3GpjkteDjJG12rX1zhsuI/6YO9vwjv6gOKz
bCcreDarX21+bw9PT2LYav8oXL27qE8OytrFPY6zWj0/wDGntj9uXldCT0ZiBznOcXOJJJ1JPSs1
S02I1glJzblJ7QuTgIAgCAkhzd+Z9gyl5XWA8S4pqoaS01U9RaKmpldssp/NcD4Y5HOO5rRI+Pac
dwbqTwQH6FwdR9qA1Ic6LyHs58SZw3PlCZY4XrsW2a/UlKLnR2yIzVtvqKeBsOvcG6vkicyNjtpg
cWnbDgBskga1LrZbxYat9vvdqrLfUxnR0NVTvikaeoteAQgKi3YrxLaQGW6/V9O0bthk7g39nXRU
dbD7W421acX6EZHhmcMfwZKNheVaaXBTlp3a6ew9unzczBp9A3EL3gfnIInfa1UE8uYZPfS7m1+J
l1vyzZ3ttivm1/NCm/fDUqfRozA99YfokfkXj4sYb5j9Zld+vTO31mP3dP8o9GjMD31h+iR+RPFf
DfMfrMfr0zt9Zj93T/KPRozA99YfokfkTxXw3zH6zH69M7fWY/d0/yj0aMwPfWH6JH5E8V8N8x+s
x+vTO31mP3dP8pwc58wSNBd4m9opIvIuVljDfMfrP4nEuXPOzWiuor/AI6f5Shq80cfVgLZcS1LA
fzQbF9bQCqingGHUtsaS9Or97LPecrWdL5ONS/mvsqMPbGKZblZX1twlM9fWT1Mp4vmkL3fKVdKd
KnRjzacUl1LQwW9xC7xKp4a8qyqT6ZScn3ttnQvQowgCAIAgCAA6ICXWSHOicqXJSw0mFG3m04ws
1BG2Gkp8SUr55aeJo0bGyojeyUtA0AD3P0AAGgACAyRfeek5SlfSmCzYFy+tch/44o6ud7e0B9Rs
/KCgMAZm8vrlaZsQz0WKc4rrDQzag0driht8Qaej8gxriPhOKAj6975Xukke573kuc5x1JJ4klAc
IAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAIAgCAI
AgCAIAgP//Z"><br><img src="data:image/png;base64,/9j/4AAQSkZJRgABAQEBLAEsAAD/2wBDAAMCAgICAgMCAgIDAwMDB
AYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/2wBDAQMDA
wQDBAgEBAgQCwkLEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE
BAQEBD/wAARCAB4AlgDAREAAhEBAxEB/8QAHgABAAICAgMBAAAAAAAAAAAAAAcJBggEBQECAwr/x
ABeEAABAwMCAwUCBQsOCgcJAAABAgMEAAUGBxEIEiEJEzFBUSJhFDJxgZEVFxlCUlVXYqHB0hYjJ
DhWcpKUlrGys9HTGDM2VHN1doKiwzRDY4SGo7QlKERYdJXU4eP/xAAcAQEAAQUBAQAAAAAAAAAAA
AAAAQIFBgcIBAP/xABQEQACAQIDBAQGDQkFBwUAAAAAAQIDEQQFBhIhMUEHUWGRE3GhscHRCBQWF
yIyQlJUYoGTohUYI1NygpLS4SQzNTayJUNEVcLD0zRzs/Dx/9oADAMBAAIRAxEAPwCq+gFAKAUAo
BQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUA
oBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAU
AoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKA
UAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAK
AUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFAKAUAoBQCgFA
KAUAoBQCgFAKAUAoBQCgFAKAUAoDmWy2uXR4sNSYjKkp33kSEtJPXwBV03r4V66oR2mm/Em/Ii6Z
VlVTNqro06kINK96k4wT32snJpX7OreZSxpBm8plMiLCiPNLG6VtzW1JUPcQdjVnnqTL6cnGcmmu
uL9RsbD9Cer8ZSjXw9KE4S4ONWm0/E07M9/rMZ/97GP403/AG1T7qMt+e+5n394rWv0eP3kPWPrM
Z/97GP403/bT3UZb899zHvFa1+jx+8h6zpL9ht3xtKjdnYLbiSAWUzG1u9fxAd6uGEzOhjn+hUmu
vZaXe9xiGotDZnpaLeZSpRkrfAVWEp7/qRbl43Y6+02l+8SDGjyIjS9hy/CJCWgok7bAqIBNenEY
iOGjtyTa7E35iyZNk1bO6/tehUpxly25xgnd2snJpN9hlf1mc+PhbGD/wB6b/tqze6fLV8t/wALN
kroK1q/+Hj95D1j6zGf/exj+NN/2091GW/PfcyfeK1r9Hj95D1g6M58ASbbHAA3P7Lb6flotT5d8
99zIfQXrRK7w8fvYesxq82CXY1BuXKgrcKikojy0PKSffyk7VdsNjIYvfBSS7Ytec1/nmnMTp+Sh
iqlKUr2ahVhUaa61Fu3289x1lesx8UAoD6xIkqfKZhQY7kiRIcS0y02kqW4tR2SlIHUkkgAe+gJN
4iOHPUThmzSHhGosZhMufa411jvRypTTjbqfbQCQPabcC21fjIJG4INARbQCgFAdziOMP5hfWLDG
u1ntrj6VqTIu1wbhRk8qSdlOuEJSTtsN/EkCgNjsX7NTimzezs5FhllxK+2qRuGptty+3SWFkeIC
0OEbjzG+4oTZnbfYp+M/wDcBZv5Rwv06CzH2KfjP/cBZv5Rwv06CzH2KjjP/cDZv5SQv06CzOBdu
y940rWyp5GlTE7lG/JCvcJ1R9wHeDrQWId1D4aNf9KGVS9QtH8rssRAJVLftrio6Rvt1eQFNj51U
IIzoBQGf6a6MX7VNs/UHKMKgSPhHwZEW95PDtjzithsUpkLTzAlQAO/U9KAn1HZVcZjiEuN4HZVI
WApKk5JCIUD4EHn6ihNmefsU/Gf+4Czfyjhfp0FmPsU/Gf+4Gzfykhfp0FmfGV2V/GjGZLydOLa+
R9ozkEJSj8g56CzIwzfgx4p9O465mVaFZcxGaJC340EzGkgeJKmCsAe87ChBDTrLrLi2nm1IW2eV
SVJIKT6EHqKA9KAUB3llxC538Ni2ybct134rK5raHd/TlUQat+KzKlg2/CqVlz2W13ozDItE5hqN
QWAqUnOXCDrU4z/AIZNO/i5He/WYz772Mfxpv8Atq3e6jLfnv8AhZmPvFa1+jx+8h6zx9ZjPvvYx
/Gm/wC2nuoy3577mPeK1r9Hj95D1nn6zGffeyP/ABpv+2nuoy3577mPeK1r9Hj95D1ng6M5+Bv9S
2D7hKb/ALaLU+Wv5b7mQ+gvWqV/a8fvIes6q4adZtbEqXJxyYUJPVTSQ6P+HevbRzrAV3aFVX7d3
nMbzLow1dlUXPEYCo0ucVtr8DfmMdWhbaihxJSpJ2II2IPvq5pqW9GCzhKnJwmrNcU+KPFSUkraW
8OOaawsQv1GZLgpnT1lpi2XDLIMGctYUUhIYeWlRJ23AG5I60BNf2KDjU/B9Z/5Rwv06AfYoONT8
H1n/lHD/ToD4Tuyv4xrXDeuNywuwRYsZBceffyeC220geKlKUsAAepoDXjUfS66aZyY8O7ZNiN1e
fUtKk2DII10DRTtvzqjqUlO+/Tr12PpQE16ddm/xW6qYPZdRMMwq1yrJf4iZsF5y+xWVLaVvsShS
gpJ6eBoDIj2UfGiPHAbKP8AxJC/ToAOyj40SdhgNlJ/2khfp0B5+xQcan4PrP8Ayjhfp0APZQcaY
6nT+z/yjhfp0B4+xRcaP7gLN/KSF+nQHkdlDxpHw0/sx/8AEcL9OgIM174cNVuGrI7dimrVli224
3SD9UYzcec1KCmO8U3uVNkgHmQrp40BGNATJoNwia+8SLq3NLcDky7ayvu3rvLWItvaV5p75ewWo
eaUcyh6UBtlauxQ1ykQ0u3jVrB4clXUtMNy30pG3moto6+PgNveaAjzVXsluKvTqE/dceg2POojI
UtSLDLUJQQCOvcPpQpauvxUFR6edAaa3K2XKzT5FqvFvkwZsRxTMiNJaU06y4DsUrQoBSSPMEb0B
xqAUAoBQCgMy0r0d1N1tydGH6WYZcciuihzraiN+wyjw53XDshpH4yiBQG7GEdi5r5eoKZua6iYh
jTjiQoRWu/nuoP3KygIbHypWqgOzyHsTtYocBT+MaxYhdJSdz3EuJJiJV7gsBzr8oA99Aaca58Lu
uXDlcGoerOBTbVHlK5ItxbKZEGSrbflQ+2Sgq2+1JCvdQEU0AoBQCgFASVoXeZsfJ12YSFmLLYWo
tFXshadiFAeR23FYpqzDU54RV7fCi1v7HyN/wDsfM8xeG1FLKtt+Bqwk9nkpRs1JLk7XTfPnwRPY
KSopCgSnxAPhWubNbztFSjJtLijENU73Ms2Ey5lrlFp5xTbKXWz1SFK2VsfI7bjfyq96fwsMTmEa
dZXSu7PsRq/pfz7FZHpGvi8uqbFSTjBSjxSlKzs+TtdXW9ct5rUpSlqK1qKlKO5JO5J9a2qkkrI4
BnKVSTnJ3b59Z4qSk2A0PvUy54w/DmPrdVAkd22pZ3IbKQQnf0HWta6rwsKGLjUpq20rvx3O2ugD
PsVmunqmExc3N0J7MW99oOKajfqTvbqW7hYkTvG+TvedPIRuFb9NqxjZd7czenhYbHhLrZ6+REWv
V8uMYW+yxpS2o0ltx19KTt3mygAD6gdelZtpDCUqm3XmryTSXYcweyLz/H4T2rlOHqONKpGUppbt
qzSSfWlv3cG+PAhis7OUBQCgFAb29k/w1HVPWNzWPJYPeY3p6tD0ULG6JV3UN2EdfENJ3dPoru/W
oZKRvB2nfDaNctApGX2GCXsr09S9d4IQndyTC5QZcf1PsJDoA+2a2+2oiqRRl/NUlAoBQCgNuey/
wBVcqwTiuxTE7Zd5DVizJ1613WAHFdy/uw4ppZR4c6HEI2VtuAVDfYmhKL1EPNKcUylxBcbCVLQD
7SQd9iR79j9FRZFaIV4ydTMp0s4Y9QdQ9PL03AyCwQ2lRJQabf7h4ymEKBQ4FJJ5HCNlA+INLIiW
7gVIwe1O404D6HHtSrbNQhfMWpOOQClY+5JS0FAfIRUlNzZnhw7YaReMhg4rxI4nabfDmuhj9Ull
QttuKT0SqRGWpe6N/jLQrcePKRUWJT6yz1iRFmxkrjvtSI77aVgtrC23G1j2T06FKh4HwIpYrNGO
Ofs48A1WxK7akaM4zEx7P7cwuYqHb2g1FvaEAqU0ppOyUPkAlDiQOY+yoHcKTJS0UuKSUqKVAgg7
EEbEe6hQeOnoKAtw7GPVXLcpwrPtMb/AHSTOtuKPW6XZw+6pwxW5IeQ4wjm+K3uyhQSOgKlbAb0t
cqiWNJmw1RfhyZTRj8pV3oWOTYHYnfw8aiyKzSLtLuLfWLhbd08Ok820sDIxcjPE+3IlBfcGP3fL
zEcv+NXvt49PSiRRLcar4T2zWvdrlJGeaeYXkMPccwhtv29/bz2WFuI+T2KmxFywThV44tG+KuM9
b8RkSrFlUNkvzMeuSkiQGxsFOsrSeV9oEgFQ2UNxzJAIJixKdzINbeFHh34jWJkDULBrbJvDaQhV
1t4TGukVSgCk98gcytxsQHApJ9D1qSWkynjjF4Es24XXmMstFy/VZp3c3u7g3+O3sqOsk8rMpKdw
hZ2ISsHkWQdtjumhQ1Y1doACQdweooSm07o2U0nvcq84TGkXGQpx2MtyOt1atyoJPQk/IQPmrVeo
sJDDY+UaSsmk7eM766HM/xOeaRo18fPanTcoOUnvai9zb/ZaV3vdrszEqSkgFQ3J2HvNWJJ8jasp
RjZPmRFqTqZlGLZW7a7U7F+DIabWEuMhXVQ69d96zXI8iweYYNVqye02+DOYOlPpX1FpDUs8uy6U
PBKMHaUL72t++6Z8cc17cW8hjKLW2htR2MiLv7PvKCTuPkPzV9MbpBKLlhJu/VL1+tHl0x7Iyc6s
aOosOlF8Z0r7u1wbd112lfqT4Est3a2utRX25zJbnbfBlc42d3G4CfU7ddqwyWHqxcouLvHj2eM6
YpZxl9anQrU60XGt/du+6d1dbPW2t9uPHqZ02YYFYswiLTMjoZmcp7qW2kBxB8t/uh7j+Svflub4
jLJp03ePOL4P1PtMT1v0c5NrfCyjiqajXt8GrFLai+V/nR64vlws95rTeLVLsd0lWmcgJfiuFte3
gdvMe4jYj5a2rhsRDFUY1qfCSucAZ3lGJyDMa2WYxWqUpOL6t3NdjW9djOH08wPor7lrLyOyW1by
rUrhflxs2u8i4P4hf5NnjTJb6nHDDDDLzaVLV1PJ3q0jc9EpSPKgN1VyorbAlLkNJZUEkOFQCTzb
bdffuNvloCpjtqNWMrRnWGaLwbvKjY+LIb7OiNOlDUyQ5Jcbb71I+P3aWN0g7gFwnxoCsn5KAtRy
rjqvPCrwT6F4TptDgyM3ybE25gkTW+9atkJK1oD3d7gLcWsKCAd0ju1kg9AQNOLz2hvGZfXVOy9f
L+xzLK+WChiIkH02abHT3eFAS1wV8XfEzn3FNpxiGY625XdrLc7yGZkGVM52n2+5dPKobdRuB9FA
XdNPNLUWQ4guISlSk7jcA77Ej37H6DQELcY+e5FgPC7qPnOBX5VtvdltS3Ic2PyLVHeS8hJ25gRu
N1AgigKWV9opxpBagNe710J/wDhov8AdUBlWEdqhxkYjdYk26agw8nhMKT31vu1qjlEhI8UlxpKH
Uk+qVD5/CgMp7U7Ui1awZXo7qhZGSxEyfTmNc0MKWFqYLkt8qaKh0JQrmQT6pNARzwEcJZ4ptWVs
ZKt6JgmKNIuWRy0Hk7xG57uKlfglTpSrdXTlbSs+O1AWpZN2gXA9w9sQ9NLNm0FxixtiEzbcVty5
caEhG6eQONDuehB3AWTv40BnuhXG/w18RNx+oGnOoTKr4QVJtFyYXCmOAdSW0OAB3YdT3ZUQPHag
J1Qtt1PMhQUPUHcUBpL2lnBjiutell61fxWyMxdQsRgruHwmO3yru0JlJU7GeA+OsIBU2ogqBSE+
CugFHNAKAUAoCQdBNE8u4hdVbFpRhbYTOvL+zspaFKahRkjmekObfaITufeeVI6qFAfoO0E0D0r4
XdOoOAYHBYhRyttMy4SOUSrpMV7PevL6c61E7JT4JBCUgAbUBqN2lfaAZ1w95FatHtE5MGHkkiGm
53e7PxkSVQmVqIZYabWCjvFhKlqUpJ2SUbDc7pAjjgK7TjVbUDV+1aO6/zYN6j5U78EtN5ZhNxX4
00gltpxLQCFtuEcgPKFBRTuSN9gLMMxxDCdUsXu2D5jZoF+ss9KodwgyUBaCSAdj5pWAUqChspJ2
IIOxoCg/jo4Srlwm6urx+EuRMxC/IXPxye8d1qZCtlx3CAAXWiQCR8ZKkK6cxAA1woBQCgFAZ3or
1zyMP8AsHv6NY7qn/DZeNec3L0Db9aUf2Kn+klPEsoanX3Mg44VN2+UFp
URLs
http-equiv="x-ua-compatible"
Extracted
Path
C:\Users\Admin\Music\How To Restore Your Files.txt
Ransom Note
_ _ _____ ___ ___ ___ _ _____
| | ( )| _ || _ \ ( _ \ ( _ \ (_)(_ _)
| |_| || (_) || (_) )| | ) || (_) )| | | |
| _ || _ || / | | | || _ ( | | | |
| | | || | | || |\ \ | |_) || (_) )| | | |
(_) |_||_| |_||_| (_)(____/ (____/ |_| |_|
¦¦¦¦¦HARDBIT RANSOMWARE¦¦¦¦¦
Attention!! (Do not scan the files with antivirus in any case. In case of data loss, the consequences are yours) Attention!!
----
what happened?
All your files have been stolen and then encrypted. But don't worry, everything is safe and will be returned to you.
----
How can I get my files back?
You have to pay us to get the files back. We don't have bank or paypal accounts, you only have to pay us via Bitcoin.
----
How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us. Just search how to buy bitcoins on the internet. Our suggestion is these sites.
>>www.binance.com/en<<or>>www.coinbase.com<<or>>localbitcoins.com<<or>>www.bybit.com<<
----
What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you.
That is our guarantee.
----
How to contact with you?
You can contact us by email:>>[email protected] or [email protected]<<
----
How will the payment process be after payment?
After payment, we will send you the decryption tool along with the guide and we will be with you until the last file is decrypted.
----
What happens if I don't pay you?
If you don't pay us, you will never have access to your files because the private key is only in our hands. This transaction is not important to us,
but it is important to you, because not only do you not have access to your files, but you also lose time. And the more time passes, the more you will lose and
If you do not pay the ransom, we will attack your company again in the future.
----
What are your recommendations?
- Never change the name of the files, if you want to manipulate the files, make sure you make a backup of them. If there is a problem with the files, we are not responsible for it.
- Never work with intermediary companies, because they charge more money from you. For example, if we ask you for 50,000 dollars, they will tell you 55,000 dollars. Don't be afraid of us, just call us.
----
Very important! For those who have cyber insurance against ransomware attacks.
Insurance companies require you to keep your insurance information secret, this is to never pay the maximum amount specified in the contract or to pay nothing at all, disrupting negotiations.
The insurance company will try to derail negotiations in any way they can so that they can later argue that you will be denied coverage because your insurance does not cover the ransom amount.
For example your company is insured for 10 million dollars, while negotiating with your insurance agent about the ransom he will offer us the lowest possible amount, for example 100 thousand dollars,
we will refuse the paltry amount and ask for example the amount of 15 million dollars, the insurance agent will never offer us the top threshold of your insurance of 10 million dollars.
He will do anything to derail negotiations and refuse to pay us out completely and leave you alone with your problem. If you told us anonymously that your company was insured for $10 million and other
important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent. That way you would have avoided a leak and decrypted your information.
But since the sneaky insurance agent purposely negotiates so as not to pay for the insurance claim, only the insurance company wins in this situation. To avoid all this and get the money on the insurance,
be sure to inform us anonymously about the availability and terms of insurance coverage, it benefits both you and us, but it does not benefit the insurance company. Poor multimillionaire insurers will not
starve and will not become poorer from the payment of the maximum amount specified in the contract, because everyone knows that the contract is more expensive than money, so let them fulfill the conditions
prescribed in your insurance contract, thanks to our interaction.
Your ID :BFEBFBFF000206D7
Your Key :S5syP+HMHWc61y0lGWf0q7OoidvPf5oj9Ukenx3b8zzVfTneCagHo4QjkviJoYxYnIXesoCZ2W7a4VxXjSGf16pXMaQ2NDWugAGPJeup6GUs/nvgyr4YokO5I7TXU8+HRjPNFiQlGAsgaNh71+rCBGdTX5Fw4JZ+iJxYVlwgdLY=
Emails
email:>>[email protected]
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\readme-warning.hta
Ransom Note
All your files have been encrypted due to a security problem with your PC.
If you want to restore them, please send your ID for us
Our contact information is written in file (HOW TO RESTORE YOUR FILES).
Please read this file carefully so as not to make a mistake.
You have to 48 hours(2 Days) To contact or paying us After that, you have to Pay Double .
We need your ID and your ID is written below the help file
Please do not touch the Key written under the help file in any way, otherwise the consequences will be with you
Introducing TOX messengers
You can download and install TOX message from this link https://tox.chat/
Our ID in TOX: 77A904360EA7D74268E7A4F316865F1703D2D7A6AF28C9ECFACED69CD09C8610FF2C728E6A33.
We are ready to answer your questions!
If you have information about the company and its servers, share with us in TOX and receive a share from us when they pay. Don't worry, your identity will remain hidden.
Is there a guarantee for decryption after payment?
Before paying you can send us up to for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
Attention!
DO NOT trust anyone except the email and the TOX ID that is in the help file, otherwise we will not be responsible for the consequences.
DO NOT rename encrypted files.
DO NOT try to decrypt or manipulate the files yourself.
Do Not contact intermediary companies. They don't do anything special, they just message us and give us money and get the key, but if our price was $50,000, they will charge $70,000 from you.
Do not pay any money for the test file.
Before manipulating the files, be sure to make a backup of them, otherwise it is your responsibility.
URLs
https://tox.chat/
Extracted
Path
C:\Users\Admin\Music\How To Restore Your Files.txt
Ransom Note
_ _ _____ ___ ___ ___ _ _____
| | ( )| _ || _ \ ( _ \ ( _ \ (_)(_ _)
| |_| || (_) || (_) )| | ) || (_) )| | | |
| _ || _ || / | | | || _ ( | | | |
| | | || | | || |\ \ | |_) || (_) )| | | |
(_) |_||_| |_||_| (_)(____/ (____/ |_| |_|
¦¦¦¦¦HARDBIT RANSOMWARE¦¦¦¦¦
Attention!! (Do not scan the files with antivirus in any case. In case of data loss, the consequences are yours) Attention!!
----
what happened?
All your files have been stolen and then encrypted. But don't worry, everything is safe and will be returned to you.
----
How can I get my files back?
You have to pay us to get the files back. We don't have bank or paypal accounts, you only have to pay us via Bitcoin.
----
How can I buy bitcoins?
You can buy bitcoins from all reputable sites in the world and send them to us. Just search how to buy bitcoins on the internet. Our suggestion is these sites.
>>www.binance.com/en<<or>>www.coinbase.com<<or>>localbitcoins.com<<or>>www.bybit.com<<
----
What is your guarantee to restore files?
Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you.
That is our guarantee.
----
How to contact with you?
You can contact us by email:>>[email protected] or [email protected]<<
----
How will the payment process be after payment?
After payment, we will send you the decryption tool along with the guide and we will be with you until the last file is decrypted.
----
What happens if I don't pay you?
If you don't pay us, you will never have access to your files because the private key is only in our hands. This transaction is not important to us,
but it is important to you, because not only do you not have access to your files, but you also lose time. And the more time passes, the more you will lose and
If you do not pay the ransom, we will attack your company again in the future.
----
What are your recommendations?
- Never change the name of the files, if you want to manipulate the files, make sure you make a backup of them. If there is a problem with the files, we are not responsible for it.
- Never work with intermediary companies, because they charge more money from you. For example, if we ask you for 50,000 dollars, they will tell you 55,000 dollars. Don't be afraid of us, just call us.
----
Very important! For those who have cyber insurance against ransomware attacks.
Insurance companies require you to keep your insurance information secret, this is to never pay the maximum amount specified in the contract or to pay nothing at all, disrupting negotiations.
The insurance company will try to derail negotiations in any way they can so that they can later argue that you will be denied coverage because your insurance does not cover the ransom amount.
For example your company is insured for 10 million dollars, while negotiating with your insurance agent about the ransom he will offer us the lowest possible amount, for example 100 thousand dollars,
we will refuse the paltry amount and ask for example the amount of 15 million dollars, the insurance agent will never offer us the top threshold of your insurance of 10 million dollars.
He will do anything to derail negotiations and refuse to pay us out completely and leave you alone with your problem. If you told us anonymously that your company was insured for $10 million and other
important details regarding insurance coverage, we would not demand more than $10 million in correspondence with the insurance agent. That way you would have avoided a leak and decrypted your information.
But since the sneaky insurance agent purposely negotiates so as not to pay for the insurance claim, only the insurance company wins in this situation. To avoid all this and get the money on the insurance,
be sure to inform us anonymously about the availability and terms of insurance coverage, it benefits both you and us, but it does not benefit the insurance company. Poor multimillionaire insurers will not
starve and will not become poorer from the payment of the maximum amount specified in the contract, because everyone knows that the contract is more expensive than money, so let them fulfill the conditions
prescribed in your insurance contract, thanks to our interaction.
Your ID :BFEBFBFF00090672
Your Key :HMOG/9GclieadbHwm+6XAVkWmz1qfy9u+FxeDq5V0d1B8xNsbARhdlZCCIcB9KP/v6GPkxFgVZm5KKXQTKUXoWi9r+htk/ENH9bB8/4PrsA/ZXqRFMvsnaAEyacjyS8MEBmjEGGnVaylGCdT4xuKLunGAgAN8vGdOKjk9moMjTw=
Emails
email:>>[email protected]
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\dllhost.exe
Ransom Note
MZ��������������������@��������������������������������������� ��� �!�L�!This program cannot be run in DOS mode.
$�������PE��L��6�c����������"
P��x���R������
@������ ����@�� ��������������������`���������`����������������������������l���O�������������������������� �
����������������������������������������������������@����������������H�����������,Z'dLK,I��� ���J�����������������@���.text����u�������v���N�������������� ��`.rsrc����������������������������@��@.reloc��
���� ��������������������@��B������������@�������������������� ��`������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������%q뵿�5�v�w
<?w��ͦ������k� }^������H�i���l�ڠ��AW����ACL� 9j��ڒҨ� q}KK�y���,���I<#�i-�1�ǧ�N�����4rW�S�x���4l3q�\SU%�R�������V�Ax�e��=�Nzޜ��)�RPI�Ï �� �8���?�kۭg�������'
���c��#*��q-k�px0`���B���˸�
���6�t�i<������-�XN�=���?Pz��R�¸2�8�]�ޥ���yOwm��tE���}�X�K�<��b��N
�1����'����
�`�pto��%m7&�a�� �;Z��C!�2��g/�
$ �bӇj������Kj�����(�
=�ɍ�(�1\lϳd�_x�[��
�g��9-��g�?!aoOD��|8��lwuf�T�03kL���~><Nx
��I���^�/�e��g}
�J@H>��_��R��k$jIlx\������n�k�zKVX�4U��l��^nEDž�7�|��"��An�Z�W��p(AQ�j�;�7�@�
�-�Ve��i
Lz���σ�-�cZ�Qܰ��:��q�>��R�1?A��cL����@y�ȑd����\��D���
�5����~J��2�%������*�"��w���y�A��J*Y��(8s>kr}/��`5���|�R�saL�)!CV��rW�H��3���.�W�`ױ%����.k�
a/U���W�r[��WG֟vo(��a�
1�*�g:o~��U�q�FI�xo��ǂG�@HE�c\zS�����m���<��d�
�3D�Ue7^�y�;J���O�IW�5�+ɢQ�
�9ڰ T^�����
V
��ܚ.�;� ���ڽ?�Nh��V_�rF������7q�d}�E��
2$
�?�;ۗ�����C^'V�
�|*�C�D�� �g�0B�a�E5�_�n���D�Sy@k}������k?G�W�c�צ�I��oV=W�[��Ij�YT��*ǏLj_�9H ����v���
h�9���\<��po���k�ʊW��֓Wil��(���t�.)�扟?�x��Tc^�Ӻ5
R;�w�����.lSjR��N� 'W��q��$��p�#9U,����&b*k$��������x��/���Jkga��ġ�K��l� z��
�1G���)��g�&���vj~%��c{V;U����W���Zi-�����
ĪYdHbE녺ƟO��% ��h�څ`N;������J`˦��T(��7f|p*�S��Bc1ȽW,�:�3��#
́�lK��>B�#)�a1�����zݘ���_�a鮂��`:��R�l�.�Z��u��L�b�
dڻ`=�a�U�<Uh�SB�G�����?6���x�
ǀ������S�#�A�Q���� %��NW�a�}
���}dR
���/�ӄ�}�&�c�0�6��(�C`�A&+��F;�X��?�BP����yE�A�z�
� \���b�6�v�H����bdġ
x�uT@jk��}��Iv |�T���gg�C!(��06����ù��E�x=;�
�N�1�w�\���
��]Ƶ��)U��_���I��G7�5����{�
�s�D���
�!������zT
�
G�_�
>#�n ��ӥ�
#b�#���]�lm�)4�)'�
%�$�;l�,�v��0�BZ���m4�k�� n�X�{
J̌
���(�`{���
���mZMOe��J*��0T�8ܞU��r�y�j�[�x4������)?c��>nO�PϾ���D��\���
��j���C/�n~��V+����-���:#2���mm��-���Bek��f(� U���n��D��Ӿȳ��͉�X�U,�R����E����赽>v�'Uu��s~f8K:[���ȫ}�,��f�����њ��U\�*>nU���M4f����Σ��?cB}0
��.�TH-xt�����.�^j0����^C`�(��X��S�}��,��G����_k�8+�[�t����MN뵍F�U/�o*l���M9�
Oc-���PD�sc�����w_L�* �[�
��h��G����(�� V���x�^/C�ۻ�1d/.ɉ�;���"�<��]���,�k8�]zz�yʔ���=q�z��P^ 1yg^����h1�٢
p*[;��A9���es�J�z�!
�0��*�`�V5Β�o�!�s��6�¨]J�
��Ț�I�U�3*dT揇�l@��E�mZ�yG�4V;� ���Nt^��1/Ǥ�*#�>����ƨ������S]��3��Z��k%;��S����g��|�Y}r{V��Q����"H��
�q�y��������
��^5�����q�+Y�챉em��E6�L���/�ϙ�+��*w���(?�j�\M8 Y��7��zTR$fZ��
���;B\�pR4��?�j
�Y��_P�S�M߄MJ
7
���@6
�xWz�
�sx�q�1Ť�\u�
j�:�1PaG
V�9@�_<�d &k�H�n����Iݺ�۰�V�>
�;ZA���#�B�PB�Y����Mi�s9��C0�# )��v�_r�����]6����x�kEU`h:���}���J
)�u8W��~g�
����"\Y�{Q�ힶ{1���5��\JǶ�p�
�s�n
�V����Uw��U���`�B?9�� �B�&�`��wN�yg:��u��~!S��)�b���O�6�2���
z�\���J��e����9w���Q%��0l��0���2x.�O���ؒ(���-j�*xru4O�����X�
�
�ŭtb�S�Ε�}B�O��a���p�+ߕ��!��N�<Ż�A#r�G�gs���rh#�~9�����@H��{�����I�M9�Ӊ&�ј�UG��I��k�3E)�pKC!mj`�"Ϸ���nI�B��k����
�F���m�f�`�-���4�J��4�g
a,�
��UM<���7��� ��:���!5�PIRd��)A�HK��f�<�Q��k�}WܠS������Tbk�4��Kb����b�,��T���/���K
��Q�q
So�xasZ-x���jK�
(���d*��i�T%��Vv"��j�V���V��m�ϯ�79�`vi��̝�i���>�]�=,�3
� h4־XT�߹�~3x��%T`4�d�_�o
l���zְ�)X+�5��5��4SA�Ř�}����sC�a6K�]��l�����������fD�*�/�LY��1�wӕD��՝]��L{����]����e�L�X��v��!��U1��/�
�<l��{��A�p�0��HէJ�]��}��|Qe��R� ���R��)�b��5��HL����
�4bz�������X���)V����4aRA�Z�'�
�a�}H�:�+.�A�@��|s�)c�rK��Za�(�"
���ge�Fqݑ>w�
���s_m��sNs�-�|����x�Y�R�iW��7��W6ڋs�t�_f�N����3�6F
�?\KPn� ��ݔ_&�z&#U�0�%�I�
����� "��D�8ŋXU��h�F��
?_Z�e7v�i� )>L씬b�So�;>��!�T��K�T8Jgx<�f�S���ID�
�C�' �KXg-����ͮ�RY@Cr��5��$�%��yW�:��
��Qx
e�d��{=��I
*7���W"��f���
]��
�]iګ��J$��X�a;a�RB�'}��j��̲�"���sr�cRŤ�`J�p+�
7=Z���4�����+��
N�SG �|
N
�e
�o+��n
+���J���a���o�z�!bnN�-^A5[���@�r�)���-c�7rL�w �X�4؛F\8�6�.k��qXD'�{�;�|=߈
:�#��Uu_����hE��/f��Q
W���
�����6���O����,�FC�l���
:�
�4�KQ�
��Ҏ�2�B����FE+�f�6{��ʶG��,�@�+�Bx#�����1r1��h�\2f�����+���M�n��T�H*>C~hꎂv���Ϗ�163��St��nfk�C�U���R�K���,;Ū<W.)!'�!k7�p�`Pͦ�;��k�|�:�PJE�9�z/¨�0�����n�R���
�u��Z�T��\�XGQ�
�#f�ј��h6��
��O哼+fbn�go�`��� P���������(
��� φ���W耓�w!�H0�>��H�_C
3 ����w���(̀�Z�]�[Z��oX:���o��-�f^(�J��J��^�I�kN��cJ
X�[LS[���8�=
���=��z������i�2���%l��w>�Z���6k���y/��������`{��
���a���SA�5ġ;�/ڤ���HE�@���W}�P#�k濎�9�лt��ԭw�n��K��S�!���4��Z
a �l�̏�gXF��
�=H��q�W�>������
zYnٴ���L1�#y�%�i��Ch��\�r3
F�8�
�L.
� ��=�5Vkz����S4D+
�y#����uK
̡K4�2����k%D��+��[��<��'8 45"<zxgsk�!U����B�I5A8��ֻ1i�+�k�
�K��(�����8���>Ne� Db�fZ�W��;����{yU�#��F$A�~Q��1�d��Z��U�LdQd;���.O"i�i]oa]h^]���/���#���㬂�}^r]bm��m
uj����t�8��U��}3
��
��\{Ռ��
���#�q�M�K�t8<E�)� ë�
�+�ř4�m��h3����!��֗�}e̶[��
1(u������í�݉�d�vUmiS�2�{���#Z̃�E�(/������4"�����[
σ�>A$�e��Y�3�1��՝
���E}!Ȗ�$�]�����eq�E�^��n�ʩ)���*M�mL��N\ZL����:7
���:Xo����&��.�
�\���
j؍��#ioޫ��`p�+OD�b
M�(�� �d~j��}�wPA������ J��Hk �΅b�<E
G! �~�
�M���*��S
���Ǜ
������v�92�ǐ�mii���>ѣH��&C>���l���2_<@Ť�M�uj8
���{ſ�����:$����d��`%�� -����3r�9�ɏW�8����M��w�ŕ���G?<{�竂�5�A��_@|?Y�睢
r��a�.�
N�{/�\��p��d�ϐk�}���Y�
�
\G{i�`�5���U+`
zJ����Y� 4�C���VOJq�0mـC
�
����A��:n�+v��h�$�6�%���B�سe��,&�\���[��i
��������[
Cd���Q� ��31�6B��*�͆
0:�J9��(L�̨u۰~�E�YL�Kr������� ���k *W���S��[��}M�"j��FZIfx�/%Vfa���3n�6m��o�Iً�P�ڝ�7�-_-l44���n'}yL*vU|�f�߸�P��b�1�CM�x^Q�;Y)�M�WՈ�Ù�S%��[�!_RozJ+�����1�'e���}7�ښ��z4�{���Lu�ٓ�;T��&f�v�Z|��|9�>�M
q��۞c#J�Ѷ��^���< �%���M�ޥ�g���
�Bt�T`}�NהX�S�� �w�L���7��
{�
aa2� ��}
�٭x>?�D�����K���E�E������C[����Z�U:���;g� �P�d^��ٞp'�]�; �i�wgc�
�= �
D��g��k������[� ��"ti��Nfߟ��� ������Ok�zW�]
,KҐ��3
�!�3ȅ��"����ˢ&�$ۃ�;r�`�-���� ����=+
�ۑ��<�דy�������b@A=����/���Û��NC`ܥ�TR�5��U�����}uD2�
�Iy}�;���T6��M�͕��j�z�D��Q�G��V�Ԗq���D�e��DM!DŽ��
9�_rY\�w6��c�V�-�FO�����P6
���3�xˆ�z�h���C����tý�=��>�ߴ�5��P��������$�:C1�~�9��
r�#��!Y����b�
ɷ=���%e� ��v�e��,���2�0i�ͫ¡�<���UA�����0EEï�Kc?8�E���
�$��n8��,�]e�եq{
H:E4�0Tk�ٛ�%�M#)�
nk�#���|^U��w �%
���L)H�y�?PC�
������MLabp�L��AB g>VQ'���e�
�w>:���H��%��G,��������'K!���Q��������s}0?Ʀ,j
e��]��C蹒
�w ۆ-�p@#GC�Hi�ڧ��g�� �M}K �?o�k��E�,�(�g��*�Ǣ¨��i���E�BBkى�S-e�?a�q
�90��GO�
�2Ni}�>'+�|G}~t��e= C���������%�i�zY?���ʭ�F�drz�*^���O�x� C��K
��b������R���R\
����Y�pq�꾸rc���0/г ��㞏�����:3���d'��""����
y�ñ��r]XB�$ۢ
;-�����e�0#�n�����Z���]�6���1A+iO�
/�x`=�b<�? ޢHҋ���g��!�g�
.��ʢ �Mc�����.�R�
6C
�0B6�d�{KJ3�3�Ren�g�U��'���寄C
�"7#n4'���b�n��8v�z�:G�s\@gf4z�����^��kA&�}���
��e��_%(#�[+��(��`���B}�$:�z6��2D6��my/��`��<��|P���]����F�5����
:C0��D��Ci����PB����
��w8�I)2FO����� �P�dI��^>���9��WE�^����M]S�Z
<���a��~���
�[*�x�@
jSKn
*��H�aM��f��惾�\w�$��^(
���Wb�<
s2����
-v��� ��P�7�
3%�j��v�
��ss��U�����ڊ���Aq�sF�_�=W�x�\�ˡ��x�uкQ�V]�1��<#A�,�����4P��:?4}]��J�
���Y.4�n���eޓV����V������ň���J"� ,i�l�A��^pS���z�*,�>
0�F��&��qܐ(����,d|<�& A>˴�;��F�;dJeVG�U�4���-��Ȅ��I�i�`7��n@5�������ʳ�l�+��?J�oW�i"=;4]:�y}v[bi�M$�Y!��Ɵ�?��Y���� ̦�ro�_�
�S
��U��W�Wr��]'Mc�;r�ⴖ�ЛS��%`fm�8����
��;���_�ҳ����'
K����y?L[�]�.=�Z��y�����ƍ�f��cz�*��rB�;�[������P���u��3��P�G��X����v�5Gaa�1�e���n
�궪}�j����/�+��cn������!�ݟ4,�[o;f��)CV�
Ι؍��r`��@�[���-_�Xꕀ��$PQK<�el�p� �8��;���~�� y'�n`k�~�KIļ���8�5Y
j.�����*Չ�
�K��ld����+�6@N.�E]N�ڦ��ƶ�Ow�v��
�|���S��B�svl:s�G����e��}\�tF���n��:�!Io
4�j
��)b� ���w2ꅻ�K�1
��w*4�nW>�����a]
:��������E�)S�_G��q�����[/V3E���!~l@��[�
��w��\����3j
�
bA9����vżR��I:qX��ˤ�����J[�Q��A���&N��Zˈ���ɕ�� &,���
��n�����wXo�Q�� ���+��9*��Tc��n6��_�^dP
LJ�C��܀Ӟ�cB��&�����.$�2��=kk�̂ E$F��wC�H�U�G�IH(�'��N5�3`�5��
�T��[�PZ=�W��9 E=���r�����&H�s]�B�\��~y��`
��@�Ca_��L��+�U���t;�@�S*bچTd����+�p��q��S�����Es��[G��z�vZO�Om,E��/M�+��[�ڥ����~��B�x&S��3�P��F�� w�����Ԇ��tkq_�73�O�
� /*��S?D�{Yt.���R��X��3.=��Li�7y&2J;��w����Ս�(ţ]�h������6L����C�Vz!$%@�
<�3�C(qGe�Ȧ_
Kr�z��2ծ�����UD�;}*���t?D��B�π�~5_+��J�4�ml���*
�~����%
Emails
email:>>[email protected]<;<
Targets
-
-
Target
2023-04-14_c525eb716420dc915fe574b8a3973143_wannacry
-
Size
353KB
-
MD5
c525eb716420dc915fe574b8a3973143
-
SHA1
b272f9a63aed4c5ab06e887d3ceb9854f52fa1d7
-
SHA256
083c5b43df8bee2a6235c3f5038cc9860b4a4bfd1675d367a67fcfff93ccfcfb
-
SHA512
24ba34d78e5c295c740e2ec9d0c27c90a25dcad5f330c72929c9e98a64f36f8ab6763c7f9929bc72a31d9b52d11ab17882a3841a75b77b904f4aeb90c768177d
-
SSDEEP
6144:G1/ZVevGFi0Xx6HQpNnCnoed+wBlO18eDKO3wexcXQVkcoHnqyk:WeUjNHCFkw3OCMpxcXiPoKN
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Modifies Windows Defender Real-time Protection settings
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-