avaddon

Path

C:\Users\Admin\Desktop\tGZuKW0_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .CadEdAbCe You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTgwNS1OM1cybUdmYzhDcmhvZk1SRXNhSFdUWHZ0QWdQemh6SVpoaldjbTQwdnEzTDJyd1F3N0k1dUdFOS9LeFV6ZGdzZ0R2Y1pXbi9yRENBUXRjV01PaEEvUzh1eXR1aEs2Ymk3bFIvL2JHUWcreVY2ZlZkYnByaTZJeC9MR0dlZjI1eld6NGJXVmg1S2hXbHhRaXZ4eVl4b2ZSeXRscW9wZVY3cEpNRDAwR0RTM1RDa1NYRWtNWkRYcmRXUnFTQjdlNm1UQlpVQUZFT2IvalZzd3A5TnRPbkF3YTBhZE9qMk5jK0ZVU3BKSERweTBlbmRtd2VyVlViNXA5UDh0UHAva2RyYXR6bXUzUytZWU5Wdjl1d0dzTktTSUJGUkwvckxhTjBBNmNmVXJ3ZzZFM2VMYmhhZ216WFpwcFhRaDBKT2pWR1dOSm5QV3ExWmpCekhyV0M0TmdwWjJZdDl4K3JadFFrR1V0RUJlcmlFYmVDS3pVMTVaR1YwdkdRbURBRURFZ1o5ZFgvNzZJZWUwajFvcmlGQ2U5dDk4cldPMUgxOVdRc0V5S1RRT3dZbi9XRGxibzVWMXhzMGRickxVeVBZRWlkU0xDT3N2TndKSG45Wk9XWW1vSTFzd0wvaEhMcWhXKzJTRGRGZWxyUEoxM2FJWlNXc21KM00wd0daS3FpUlVaSVBiWGxuRHRzQmgya0FQU0tRdHB6bndxK2tRMXBBL3BJSTA3VUI1M1dpOU5uQ0xCbVNkWElNVk5aa0xLRHhXVUNzT05ybmJ0UzJaQzJYM2tZeWVOdis0SlFIWllOZ1ZUUFcrazJBWDZZbVRqNlpyMmhwTm9xSi9heWdYamVMNTFsZzBDaVBhR0ZvN3U2S2FDSExqcEdLaWlraklIaXZmNk5IaFNabmpwZDZ1Q3F5clB1T0Y5MHdUakQ0TzVvYS80Q0paUWhIL2lZUTIzdFlIVGllV05ZbFhTbVU3S3g1a0p2S2JGb1J2UVBNNG1sbkR1cGlIQkRhM2xBVE51d216MTB0NEJRWFZnSnNXYnl3ZjBMS2tqMm9CcjZibkkzSmVIdlZvT1dQM1QxZ0ZLMVp2c1NkWHJxdkExQmwyY3hjVWlnV1N5bEI2NGpjRnNscUFtOXNIS2JzQmIzS09naHB0VzZuWUxnNTFhQ2pYaVJGazBhYjlVV3M5dXFjL1F5bXdCY2NLZzB1MVlBRCtsWXlKREFqMkRVZERuRk1qWDQrSFlNSVlrTVNuVTBHQ2kwNkQvTlZuWFc0Z0kxOVkyV3pmOU1OdHhDT2dmY3I1WmdGN0FNNUlrd3hDeHZuSU15RjZhaVpFOHVVK0lLdlJKaTRVVmphQ1dpWkVxZkJPNFdza0hORWlKR2dSSUJYZjBZMlR4NjFKb3FZYnRSb3ZoRHdLNC9xM2ZWTXNGamJpdHhsSlJ6bHc0b1Rnd0xJdC9Wek9iUG1UQTcxVzRtSE9yRVI1Mk5LbmxxUjhOTTNOTlZrcVBGSlBuaU5HRW1JMEZGVnl5U213UHhnQWUvQmZnN09qSUVCVHJVL0duOENBZzllQkdxTWRCUzR6c041WjVKVHFvRm1YSnpQN2tGYUIxczF6aXEyVS9TWUJYTFArUGhTZ21ZY3pZV01uMzE0NndFbmZLTU83d1dDQ0JIdloyZGZUWStZNEd3SzZWQ2hDbXBNdE11dWZ2Vks1L0l6KzdpTWRKV1l1eS9YWnUvKysxTFFOc2liRzYxVTFjMWdEelBTT21Md3ZFQUNTRndwM1RVbVlXRkpNSVg2TCtZUTRiaEtaai9MOW9xL25WeUlJbWRUa1ovemNvYURLNzJtWjB3Q2dVYmpudzd3aWs2WWVubnN1ZzlTaVEwaTVaMWRDUlo2bUNtcUxaaXdkdnhFdGgvNVBZeC9McUp1LzJ2REdjZ2VrSlJTWUdNMVU1L3ZyUGY1bnQ2YzhyQngwUVd0aHB1TVpKWlY4dCtRR1BwMENMaUdPditNWjlyMVczVm5MbjdTUm1tM1NxTHdvSUt1Y2M0Q3hEMzhnSWQvUTZncFJ1YVhCRFNBdk9vK2NLT3o0ODVUYUk4dWxvWXhkeE9WbWoxYU9MRG1aTXpnN2U4V0ZtNUVKU29zd1RSdDZZVXpnYTJOelNYZ05jck1WVmJMZ0t0dURNeDNsY29xZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * FsAHeiJEuthg

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Path

C:\Users\Admin\Favorites\Windows Live\tGZuKW0_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .CadEdAbCe You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTgwNS1OM1cybUdmYzhDcmhvZk1SRXNhSFdUWHZ0QWdQemh6SVpoaldjbTQwdnEzTDJyd1F3N0k1dUdFOS9LeFV6ZGdzZ0R2Y1pXbi9yRENBUXRjV01PaEEvUzh1eXR1aEs2Ymk3bFIvL2JHUWcreVY2ZlZkYnByaTZJeC9MR0dlZjI1eld6NGJXVmg1S2hXbHhRaXZ4eVl4b2ZSeXRscW9wZVY3cEpNRDAwR0RTM1RDa1NYRWtNWkRYcmRXUnFTQjdlNm1UQlpVQUZFT2IvalZzd3A5TnRPbkF3YTBhZE9qMk5jK0ZVU3BKSERweTBlbmRtd2VyVlViNXA5UDh0UHAva2RyYXR6bXUzUytZWU5Wdjl1d0dzTktTSUJGUkwvckxhTjBBNmNmVXJ3ZzZFM2VMYmhhZ216WFpwcFhRaDBKT2pWR1dOSm5QV3ExWmpCekhyV0M0TmdwWjJZdDl4K3JadFFrR1V0RUJlcmlFYmVDS3pVMTVaR1YwdkdRbURBRURFZ1o5ZFgvNzZJZWUwajFvcmlGQ2U5dDk4cldPMUgxOVdRc0V5S1RRT3dZbi9XRGxibzVWMXhzMGRickxVeVBZRWlkU0xDT3N2TndKSG45Wk9XWW1vSTFzd0wvaEhMcWhXKzJTRGRGZWxyUEoxM2FJWlNXc21KM00wd0daS3FpUlVaSVBiWGxuRHRzQmgya0FQU0tRdHB6bndxK2tRMXBBL3BJSTA3VUI1M1dpOU5uQ0xCbVNkWElNVk5aa0xLRHhXVUNzT05ybmJ0UzJaQzJYM2tZeWVOdis0SlFIWllOZ1ZUUFcrazJBWDZZbVRqNlpyMmhwTm9xSi9heWdYamVMNTFsZzBDaVBhR0ZvN3U2S2FDSExqcEdLaWlraklIaXZmNk5IaFNabmpwZDZ1Q3F5clB1T0Y5MHdUakQ0TzVvYS80Q0paUWhIL2lZUTIzdFlIVGllV05ZbFhTbVU3S3g1a0p2S2JGb1J2UVBNNG1sbkR1cGlIQkRhM2xBVE51d216MTB0NEJRWFZnSnNXYnl3ZjBMS2tqMm9CcjZibkkzSmVIdlZvT1dQM1QxZ0ZLMVp2c1NkWHJxdkExQmwyY3hjVWlnV1N5bEI2NGpjRnNscUFtOXNIS2JzQmIzS09naHB0VzZuWUxnNTFhQ2pYaVJGazBhYjlVV3M5dXFjL1F5bXdCY2NLZzB1MVlBRCtsWXlKREFqMkRVZERuRk1qWDQrSFlNSVlrTVNuVTBHQ2kwNkQvTlZuWFc0Z0kxOVkyV3pmOU1OdHhDT2dmY3I1WmdGN0FNNUlrd3hDeHZuSU15RjZhaVpFOHVVK0lLdlJKaTRVVmphQ1dpWkVxZkJPNFdza0hORWlKR2dSSUJYZjBZMlR4NjFKb3FZYnRSb3ZoRHdLNC9xM2ZWTXNGamJpdHhsSlJ6bHc0b1Rnd0xJdC9Wek9iUG1UQTcxVzRtSE9yRVI1Mk5LbmxxUjhOTTNOTlZrcVBGSlBuaU5HRW1JMEZGVnl5U213UHhnQWUvQmZnN09qSUVCVHJVL0duOENBZzllQkdxTWRCUzR6c041WjVKVHFvRm1YSnpQN2tGYUIxczF6aXEyVS9TWUJYTFArUGhTZ21ZY3pZV01uMzE0NndFbmZLTU83d1dDQ0JIdloyZGZUWStZNEd3SzZWQ2hDbXBNdE11dWZ2Vks1L0l6KzdpTWRKV1l1eS9YWnUvKysxTFFOc2liRzYxVTFjMWdEelBTT21Md3ZFQUNTRndwM1RVbVlXRkpNSVg2TCtZUTRiaEtaai9MOW9xL25WeUlJbWRUa1ovemNvYURLNzJtWjB3Q2dVYmpudzd3aWs2WWVubnN1ZzlTaVEwaTVaMWRDUlo2bUNtcUxaaXdkdnhFdGgvNVBZeC9McUp1LzJ2REdjZ2VrSlJTWUdNMVU1L3ZyUGY1bnQ2YzhyQngwUVd0aHB1TVpKWlY4dCtRR1BwMENMaUdPditNWjlyMVczVm5MbjdTUm1tM1NxTHdvSUt1Y2M0Q3hEMzhnSWQvUTZncFJ1YVhCRFNBdk9vK2NLT3o0ODVUYUk4dWxvWXhkeE9WbWoxYU9MRG1aTXpnN2U4V0ZtNUVKU29zd1RSdDZZVXpnYTJOelNYZ05jck1WVmJMZ0t0dURNeDNsY29xZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * b0mdzv62kVPFhB7

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Path

C:\Users\Admin\Desktop\xleUz_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aCcacBBcee You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTgwNS1kSC85QmRJUGZYdkUrQktoTFdnN3VhOU1Nbm4wUDh3TURFQzlsN2gzSU5TTUJNVVFFN3pkRERNZ0pmZVpDanZ3Tk1SeUI5c3pJcFIzUzB0QjBqMkhTQU0vRmVNM2Z5T0lpYUgydVhFWnBwVmFPWkNFWXB0MUNmM3V5eVVCRk5OUVdtVWNKNGNFRkpLYU8vZ0QwT0RZV2h4WldwQnNweDd2MTZXY2ZWb1krN25FVDVFYlhiWHdQblZaZHBzajBDajdsTGQ2YWxKemZxWXVsN1FyVDQ4K3VNeDNPR1NaMlgwVDFOb2lCQlpBSkhMNnhSRVRhRlZhMlhtOVNDbGNTbTBlTXE1ZDlPc1U5eEp3SDdOUm04R3ZFQjR3c1pTSzIwaXhGSU56RXh1cFJ5RHBCOUF3RUt0RU5QeDFVd1dFWis4UDI3TXBtYzZoUHlubXNGUlgraW04eklyVEl2bDd2ZURGc01XaWxLcndhNWVPT3FWWXRiYkpObGczVktEUko3cml4SE1GS0ZFaU5ORkh0cjZMMWloTkhhVmRMcmp0S2NVSDFhOGR5cFgrTVJTUEhrRmxlbCtTalRTWi9RTWVXZ0F1Sy9pNHFYUHo4SlMzOHpMN0xNN3c0N28wcElQZG15TUx1MWZxVms3K2UzeXJ6eWlQckxZZnk5YUpXbTNPWkhQWkhNSDcwMW5ZalphdHMxdndIMWxOYkZyWTNvMmVxY0lucWRxdlc2ckVCc281azlxRVUxT2plR2VoV1ZLTUFwa01BRE5zcWp5U3AyZklDK0d5V1M5T1FoVVhTQXBoU1U2NlYwcHFHKzZNTm5tdUhQeUlSU09IVGpHRm41NTJxMElOTFZIZlRFVnJLdmdPdmU1ZW1HcWR2UkVIMXJDT2IrVUpnZHZJT0xyZ000STMvUVBTb3NpeXgvSVpOTlMrbDJJM0ZSM3g3cGpWNVZPR2dHZEU5ZFgvT1djcEMzSCtTTUUvZ1pFRThESVZJOG9QZDFORTRHU051eUVuQ0FzNG1NY0tYK1pjWmdXNVkxVzc4RkJQT25DaTZjTVA2Y1c4U1BMaG5IcGJrQ0NmN1BFZWtSeGQwdmoxSnVvdGd3VWlxK1RXZlpzNDA5US93TlM3Y3gvbUlWc1o2S1JvWjFNa1RjUUlCMGxTb3NWZCswelIyNzY3d0ltREhSVkJ1dlRNK3NHZnhFYW83aGhWOG5zSURBQU01MmU4bVdhM3VyY2YrOHRhb2VOMTZHaWp2WkFlWnc0OWZuOE1oQVE0TUw5VVkvODVnYWxPUFpTZW5EY0UxcURDc2VDWUdSQzA0bVRRWnJMNjJTL24waEtxR1doR3laRnBMTFdVeGEvOHZ6RnNtV0pvOWRTNEQ1Y1BaNEdqR016VU1lYjZBZG1UZGxkZ1p0OHBwaVZBcnpoaklSM2hYNUQyZko4UnVWNWxVY2E0cUZONzVnOGY4eGpyZWxHMm9kSkRldXhqczZ1N3N3ZlpUZzUxRnZDSEhMNWZScGh6Wjl4c2Jwb05PaGpYRWN4RkE5WWM0NzA5OUNWNGhOekpEelZnVmdCTVBpb3JYV1ZsajVyVUZ3bXR0T2pTVGE3VGF1ek96RzFIZVMyOUhQQitUV29uVjJCQ2YvakNzc2gzcWNoK0RnbUoydWMvVnk1ZXZLY0oyWHpEdjlGTEJjdTJsc1llbXV0eVlKekNEWVFPM3kzWnc3SnMvVnplQlpOdCsrNGpDMmt4Q0ZTRDNOWXlHc3puRHNucnBMV1hiKzY5WGt4b0s0VExleEQ3NGtDeW5KM1ZTbU45aU5pMm5FUS9ObFltdEJ6ZTB2anZRM1JTckdBTmJTUW1OSHFMTy96NGdvOWZLNDN0akdkWWNYMlJCenhjY2t2NnlwLy9sMEdVck1lamt5V2JUUU9NeTgzUUhUMVgxd0FudUdIZnFWL0xtVEJsVFVmQ1pXOVllckpFbENOODEyUHB0SDMyU1Yrc01VdSs1bC92QVRuQlBqOTlzbVRPQnhYblp5UGFBTXRsbjNZRDVxdDYvLzZWRXhlUzJlUitIeW55K3NTTWNlZGpSQWpaOVEzZUV1aWdQbW44RVUyRGxRNVB2SHN3YzNQWHJ3VmRQVHhWZGhOcjBtbmc2eVJBdmtPdXpkcU9RRlpaamdWNWxiU05WZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * r4Hyx0aDTmrUpHggCu73UJJRujR

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Path

C:\Users\Admin\Documents\xleUz_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aCcacBBcee You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTgwNS1kSC85QmRJUGZYdkUrQktoTFdnN3VhOU1Nbm4wUDh3TURFQzlsN2gzSU5TTUJNVVFFN3pkRERNZ0pmZVpDanZ3Tk1SeUI5c3pJcFIzUzB0QjBqMkhTQU0vRmVNM2Z5T0lpYUgydVhFWnBwVmFPWkNFWXB0MUNmM3V5eVVCRk5OUVdtVWNKNGNFRkpLYU8vZ0QwT0RZV2h4WldwQnNweDd2MTZXY2ZWb1krN25FVDVFYlhiWHdQblZaZHBzajBDajdsTGQ2YWxKemZxWXVsN1FyVDQ4K3VNeDNPR1NaMlgwVDFOb2lCQlpBSkhMNnhSRVRhRlZhMlhtOVNDbGNTbTBlTXE1ZDlPc1U5eEp3SDdOUm04R3ZFQjR3c1pTSzIwaXhGSU56RXh1cFJ5RHBCOUF3RUt0RU5QeDFVd1dFWis4UDI3TXBtYzZoUHlubXNGUlgraW04eklyVEl2bDd2ZURGc01XaWxLcndhNWVPT3FWWXRiYkpObGczVktEUko3cml4SE1GS0ZFaU5ORkh0cjZMMWloTkhhVmRMcmp0S2NVSDFhOGR5cFgrTVJTUEhrRmxlbCtTalRTWi9RTWVXZ0F1Sy9pNHFYUHo4SlMzOHpMN0xNN3c0N28wcElQZG15TUx1MWZxVms3K2UzeXJ6eWlQckxZZnk5YUpXbTNPWkhQWkhNSDcwMW5ZalphdHMxdndIMWxOYkZyWTNvMmVxY0lucWRxdlc2ckVCc281azlxRVUxT2plR2VoV1ZLTUFwa01BRE5zcWp5U3AyZklDK0d5V1M5T1FoVVhTQXBoU1U2NlYwcHFHKzZNTm5tdUhQeUlSU09IVGpHRm41NTJxMElOTFZIZlRFVnJLdmdPdmU1ZW1HcWR2UkVIMXJDT2IrVUpnZHZJT0xyZ000STMvUVBTb3NpeXgvSVpOTlMrbDJJM0ZSM3g3cGpWNVZPR2dHZEU5ZFgvT1djcEMzSCtTTUUvZ1pFRThESVZJOG9QZDFORTRHU051eUVuQ0FzNG1NY0tYK1pjWmdXNVkxVzc4RkJQT25DaTZjTVA2Y1c4U1BMaG5IcGJrQ0NmN1BFZWtSeGQwdmoxSnVvdGd3VWlxK1RXZlpzNDA5US93TlM3Y3gvbUlWc1o2S1JvWjFNa1RjUUlCMGxTb3NWZCswelIyNzY3d0ltREhSVkJ1dlRNK3NHZnhFYW83aGhWOG5zSURBQU01MmU4bVdhM3VyY2YrOHRhb2VOMTZHaWp2WkFlWnc0OWZuOE1oQVE0TUw5VVkvODVnYWxPUFpTZW5EY0UxcURDc2VDWUdSQzA0bVRRWnJMNjJTL24waEtxR1doR3laRnBMTFdVeGEvOHZ6RnNtV0pvOWRTNEQ1Y1BaNEdqR016VU1lYjZBZG1UZGxkZ1p0OHBwaVZBcnpoaklSM2hYNUQyZko4UnVWNWxVY2E0cUZONzVnOGY4eGpyZWxHMm9kSkRldXhqczZ1N3N3ZlpUZzUxRnZDSEhMNWZScGh6Wjl4c2Jwb05PaGpYRWN4RkE5WWM0NzA5OUNWNGhOekpEelZnVmdCTVBpb3JYV1ZsajVyVUZ3bXR0T2pTVGE3VGF1ek96RzFIZVMyOUhQQitUV29uVjJCQ2YvakNzc2gzcWNoK0RnbUoydWMvVnk1ZXZLY0oyWHpEdjlGTEJjdTJsc1llbXV0eVlKekNEWVFPM3kzWnc3SnMvVnplQlpOdCsrNGpDMmt4Q0ZTRDNOWXlHc3puRHNucnBMV1hiKzY5WGt4b0s0VExleEQ3NGtDeW5KM1ZTbU45aU5pMm5FUS9ObFltdEJ6ZTB2anZRM1JTckdBTmJTUW1OSHFMTy96NGdvOWZLNDN0akdkWWNYMlJCenhjY2t2NnlwLy9sMEdVck1lamt5V2JUUU9NeTgzUUhUMVgxd0FudUdIZnFWL0xtVEJsVFVmQ1pXOVllckpFbENOODEyUHB0SDMyU1Yrc01VdSs1bC92QVRuQlBqOTlzbVRPQnhYblp5UGFBTXRsbjNZRDVxdDYvLzZWRXhlUzJlUitIeW55K3NTTWNlZGpSQWpaOVEzZUV1aWdQbW44RVUyRGxRNVB2SHN3YzNQWHJ3VmRQVHhWZGhOcjBtbmc2eVJBdmtPdXpkcU9RRlpaamdWNWxiU05WZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * hgsLmCN0JOZ3iDoirR2BfyRyHufhxa

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Path

C:\Users\Admin\Downloads\xleUz_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aCcacBBcee You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTgwNS1kSC85QmRJUGZYdkUrQktoTFdnN3VhOU1Nbm4wUDh3TURFQzlsN2gzSU5TTUJNVVFFN3pkRERNZ0pmZVpDanZ3Tk1SeUI5c3pJcFIzUzB0QjBqMkhTQU0vRmVNM2Z5T0lpYUgydVhFWnBwVmFPWkNFWXB0MUNmM3V5eVVCRk5OUVdtVWNKNGNFRkpLYU8vZ0QwT0RZV2h4WldwQnNweDd2MTZXY2ZWb1krN25FVDVFYlhiWHdQblZaZHBzajBDajdsTGQ2YWxKemZxWXVsN1FyVDQ4K3VNeDNPR1NaMlgwVDFOb2lCQlpBSkhMNnhSRVRhRlZhMlhtOVNDbGNTbTBlTXE1ZDlPc1U5eEp3SDdOUm04R3ZFQjR3c1pTSzIwaXhGSU56RXh1cFJ5RHBCOUF3RUt0RU5QeDFVd1dFWis4UDI3TXBtYzZoUHlubXNGUlgraW04eklyVEl2bDd2ZURGc01XaWxLcndhNWVPT3FWWXRiYkpObGczVktEUko3cml4SE1GS0ZFaU5ORkh0cjZMMWloTkhhVmRMcmp0S2NVSDFhOGR5cFgrTVJTUEhrRmxlbCtTalRTWi9RTWVXZ0F1Sy9pNHFYUHo4SlMzOHpMN0xNN3c0N28wcElQZG15TUx1MWZxVms3K2UzeXJ6eWlQckxZZnk5YUpXbTNPWkhQWkhNSDcwMW5ZalphdHMxdndIMWxOYkZyWTNvMmVxY0lucWRxdlc2ckVCc281azlxRVUxT2plR2VoV1ZLTUFwa01BRE5zcWp5U3AyZklDK0d5V1M5T1FoVVhTQXBoU1U2NlYwcHFHKzZNTm5tdUhQeUlSU09IVGpHRm41NTJxMElOTFZIZlRFVnJLdmdPdmU1ZW1HcWR2UkVIMXJDT2IrVUpnZHZJT0xyZ000STMvUVBTb3NpeXgvSVpOTlMrbDJJM0ZSM3g3cGpWNVZPR2dHZEU5ZFgvT1djcEMzSCtTTUUvZ1pFRThESVZJOG9QZDFORTRHU051eUVuQ0FzNG1NY0tYK1pjWmdXNVkxVzc4RkJQT25DaTZjTVA2Y1c4U1BMaG5IcGJrQ0NmN1BFZWtSeGQwdmoxSnVvdGd3VWlxK1RXZlpzNDA5US93TlM3Y3gvbUlWc1o2S1JvWjFNa1RjUUlCMGxTb3NWZCswelIyNzY3d0ltREhSVkJ1dlRNK3NHZnhFYW83aGhWOG5zSURBQU01MmU4bVdhM3VyY2YrOHRhb2VOMTZHaWp2WkFlWnc0OWZuOE1oQVE0TUw5VVkvODVnYWxPUFpTZW5EY0UxcURDc2VDWUdSQzA0bVRRWnJMNjJTL24waEtxR1doR3laRnBMTFdVeGEvOHZ6RnNtV0pvOWRTNEQ1Y1BaNEdqR016VU1lYjZBZG1UZGxkZ1p0OHBwaVZBcnpoaklSM2hYNUQyZko4UnVWNWxVY2E0cUZONzVnOGY4eGpyZWxHMm9kSkRldXhqczZ1N3N3ZlpUZzUxRnZDSEhMNWZScGh6Wjl4c2Jwb05PaGpYRWN4RkE5WWM0NzA5OUNWNGhOekpEelZnVmdCTVBpb3JYV1ZsajVyVUZ3bXR0T2pTVGE3VGF1ek96RzFIZVMyOUhQQitUV29uVjJCQ2YvakNzc2gzcWNoK0RnbUoydWMvVnk1ZXZLY0oyWHpEdjlGTEJjdTJsc1llbXV0eVlKekNEWVFPM3kzWnc3SnMvVnplQlpOdCsrNGpDMmt4Q0ZTRDNOWXlHc3puRHNucnBMV1hiKzY5WGt4b0s0VExleEQ3NGtDeW5KM1ZTbU45aU5pMm5FUS9ObFltdEJ6ZTB2anZRM1JTckdBTmJTUW1OSHFMTy96NGdvOWZLNDN0akdkWWNYMlJCenhjY2t2NnlwLy9sMEdVck1lamt5V2JUUU9NeTgzUUhUMVgxd0FudUdIZnFWL0xtVEJsVFVmQ1pXOVllckpFbENOODEyUHB0SDMyU1Yrc01VdSs1bC92QVRuQlBqOTlzbVRPQnhYblp5UGFBTXRsbjNZRDVxdDYvLzZWRXhlUzJlUitIeW55K3NTTWNlZGpSQWpaOVEzZUV1aWdQbW44RVUyRGxRNVB2SHN3YzNQWHJ3VmRQVHhWZGhOcjBtbmc2eVJBdmtPdXpkcU9RRlpaamdWNWxiU05WZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * 4I

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Path

C:\Users\Admin\Music\xleUz_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aCcacBBcee You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTgwNS1kSC85QmRJUGZYdkUrQktoTFdnN3VhOU1Nbm4wUDh3TURFQzlsN2gzSU5TTUJNVVFFN3pkRERNZ0pmZVpDanZ3Tk1SeUI5c3pJcFIzUzB0QjBqMkhTQU0vRmVNM2Z5T0lpYUgydVhFWnBwVmFPWkNFWXB0MUNmM3V5eVVCRk5OUVdtVWNKNGNFRkpLYU8vZ0QwT0RZV2h4WldwQnNweDd2MTZXY2ZWb1krN25FVDVFYlhiWHdQblZaZHBzajBDajdsTGQ2YWxKemZxWXVsN1FyVDQ4K3VNeDNPR1NaMlgwVDFOb2lCQlpBSkhMNnhSRVRhRlZhMlhtOVNDbGNTbTBlTXE1ZDlPc1U5eEp3SDdOUm04R3ZFQjR3c1pTSzIwaXhGSU56RXh1cFJ5RHBCOUF3RUt0RU5QeDFVd1dFWis4UDI3TXBtYzZoUHlubXNGUlgraW04eklyVEl2bDd2ZURGc01XaWxLcndhNWVPT3FWWXRiYkpObGczVktEUko3cml4SE1GS0ZFaU5ORkh0cjZMMWloTkhhVmRMcmp0S2NVSDFhOGR5cFgrTVJTUEhrRmxlbCtTalRTWi9RTWVXZ0F1Sy9pNHFYUHo4SlMzOHpMN0xNN3c0N28wcElQZG15TUx1MWZxVms3K2UzeXJ6eWlQckxZZnk5YUpXbTNPWkhQWkhNSDcwMW5ZalphdHMxdndIMWxOYkZyWTNvMmVxY0lucWRxdlc2ckVCc281azlxRVUxT2plR2VoV1ZLTUFwa01BRE5zcWp5U3AyZklDK0d5V1M5T1FoVVhTQXBoU1U2NlYwcHFHKzZNTm5tdUhQeUlSU09IVGpHRm41NTJxMElOTFZIZlRFVnJLdmdPdmU1ZW1HcWR2UkVIMXJDT2IrVUpnZHZJT0xyZ000STMvUVBTb3NpeXgvSVpOTlMrbDJJM0ZSM3g3cGpWNVZPR2dHZEU5ZFgvT1djcEMzSCtTTUUvZ1pFRThESVZJOG9QZDFORTRHU051eUVuQ0FzNG1NY0tYK1pjWmdXNVkxVzc4RkJQT25DaTZjTVA2Y1c4U1BMaG5IcGJrQ0NmN1BFZWtSeGQwdmoxSnVvdGd3VWlxK1RXZlpzNDA5US93TlM3Y3gvbUlWc1o2S1JvWjFNa1RjUUlCMGxTb3NWZCswelIyNzY3d0ltREhSVkJ1dlRNK3NHZnhFYW83aGhWOG5zSURBQU01MmU4bVdhM3VyY2YrOHRhb2VOMTZHaWp2WkFlWnc0OWZuOE1oQVE0TUw5VVkvODVnYWxPUFpTZW5EY0UxcURDc2VDWUdSQzA0bVRRWnJMNjJTL24waEtxR1doR3laRnBMTFdVeGEvOHZ6RnNtV0pvOWRTNEQ1Y1BaNEdqR016VU1lYjZBZG1UZGxkZ1p0OHBwaVZBcnpoaklSM2hYNUQyZko4UnVWNWxVY2E0cUZONzVnOGY4eGpyZWxHMm9kSkRldXhqczZ1N3N3ZlpUZzUxRnZDSEhMNWZScGh6Wjl4c2Jwb05PaGpYRWN4RkE5WWM0NzA5OUNWNGhOekpEelZnVmdCTVBpb3JYV1ZsajVyVUZ3bXR0T2pTVGE3VGF1ek96RzFIZVMyOUhQQitUV29uVjJCQ2YvakNzc2gzcWNoK0RnbUoydWMvVnk1ZXZLY0oyWHpEdjlGTEJjdTJsc1llbXV0eVlKekNEWVFPM3kzWnc3SnMvVnplQlpOdCsrNGpDMmt4Q0ZTRDNOWXlHc3puRHNucnBMV1hiKzY5WGt4b0s0VExleEQ3NGtDeW5KM1ZTbU45aU5pMm5FUS9ObFltdEJ6ZTB2anZRM1JTckdBTmJTUW1OSHFMTy96NGdvOWZLNDN0akdkWWNYMlJCenhjY2t2NnlwLy9sMEdVck1lamt5V2JUUU9NeTgzUUhUMVgxd0FudUdIZnFWL0xtVEJsVFVmQ1pXOVllckpFbENOODEyUHB0SDMyU1Yrc01VdSs1bC92QVRuQlBqOTlzbVRPQnhYblp5UGFBTXRsbjNZRDVxdDYvLzZWRXhlUzJlUitIeW55K3NTTWNlZGpSQWpaOVEzZUV1aWdQbW44RVUyRGxRNVB2SHN3YzNQWHJ3VmRQVHhWZGhOcjBtbmc2eVJBdmtPdXpkcU9RRlpaamdWNWxiU05WZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * QQbYR

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Path

C:\Users\Admin\Pictures\xleUz_readme_.txt

Family

avaddon

Ransom Note

-------=== Your network has been infected! ===------- ***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED ***************** All your documents, photos, databases and other important files have been encrypted and have the extension: .aCcacBBcee You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files! The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files! We have also downloaded a lot of private data from your network. If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info. You can get more information on our page, which is located in a Tor hidden network. How to get to our page -------------------------------------------------------------------------------- | | 1. Download Tor browser - https://www.torproject.org/ | | 2. Install Tor browser | | 3. Open link in Tor browser - avaddonbotrxmuyl.onion | | 4. Follow the instructions on this page | -------------------------------------------------------------------------------- Your ID: -------------------------------------------------------------------------------- MTgwNS1kSC85QmRJUGZYdkUrQktoTFdnN3VhOU1Nbm4wUDh3TURFQzlsN2gzSU5TTUJNVVFFN3pkRERNZ0pmZVpDanZ3Tk1SeUI5c3pJcFIzUzB0QjBqMkhTQU0vRmVNM2Z5T0lpYUgydVhFWnBwVmFPWkNFWXB0MUNmM3V5eVVCRk5OUVdtVWNKNGNFRkpLYU8vZ0QwT0RZV2h4WldwQnNweDd2MTZXY2ZWb1krN25FVDVFYlhiWHdQblZaZHBzajBDajdsTGQ2YWxKemZxWXVsN1FyVDQ4K3VNeDNPR1NaMlgwVDFOb2lCQlpBSkhMNnhSRVRhRlZhMlhtOVNDbGNTbTBlTXE1ZDlPc1U5eEp3SDdOUm04R3ZFQjR3c1pTSzIwaXhGSU56RXh1cFJ5RHBCOUF3RUt0RU5QeDFVd1dFWis4UDI3TXBtYzZoUHlubXNGUlgraW04eklyVEl2bDd2ZURGc01XaWxLcndhNWVPT3FWWXRiYkpObGczVktEUko3cml4SE1GS0ZFaU5ORkh0cjZMMWloTkhhVmRMcmp0S2NVSDFhOGR5cFgrTVJTUEhrRmxlbCtTalRTWi9RTWVXZ0F1Sy9pNHFYUHo4SlMzOHpMN0xNN3c0N28wcElQZG15TUx1MWZxVms3K2UzeXJ6eWlQckxZZnk5YUpXbTNPWkhQWkhNSDcwMW5ZalphdHMxdndIMWxOYkZyWTNvMmVxY0lucWRxdlc2ckVCc281azlxRVUxT2plR2VoV1ZLTUFwa01BRE5zcWp5U3AyZklDK0d5V1M5T1FoVVhTQXBoU1U2NlYwcHFHKzZNTm5tdUhQeUlSU09IVGpHRm41NTJxMElOTFZIZlRFVnJLdmdPdmU1ZW1HcWR2UkVIMXJDT2IrVUpnZHZJT0xyZ000STMvUVBTb3NpeXgvSVpOTlMrbDJJM0ZSM3g3cGpWNVZPR2dHZEU5ZFgvT1djcEMzSCtTTUUvZ1pFRThESVZJOG9QZDFORTRHU051eUVuQ0FzNG1NY0tYK1pjWmdXNVkxVzc4RkJQT25DaTZjTVA2Y1c4U1BMaG5IcGJrQ0NmN1BFZWtSeGQwdmoxSnVvdGd3VWlxK1RXZlpzNDA5US93TlM3Y3gvbUlWc1o2S1JvWjFNa1RjUUlCMGxTb3NWZCswelIyNzY3d0ltREhSVkJ1dlRNK3NHZnhFYW83aGhWOG5zSURBQU01MmU4bVdhM3VyY2YrOHRhb2VOMTZHaWp2WkFlWnc0OWZuOE1oQVE0TUw5VVkvODVnYWxPUFpTZW5EY0UxcURDc2VDWUdSQzA0bVRRWnJMNjJTL24waEtxR1doR3laRnBMTFdVeGEvOHZ6RnNtV0pvOWRTNEQ1Y1BaNEdqR016VU1lYjZBZG1UZGxkZ1p0OHBwaVZBcnpoaklSM2hYNUQyZko4UnVWNWxVY2E0cUZONzVnOGY4eGpyZWxHMm9kSkRldXhqczZ1N3N3ZlpUZzUxRnZDSEhMNWZScGh6Wjl4c2Jwb05PaGpYRWN4RkE5WWM0NzA5OUNWNGhOekpEelZnVmdCTVBpb3JYV1ZsajVyVUZ3bXR0T2pTVGE3VGF1ek96RzFIZVMyOUhQQitUV29uVjJCQ2YvakNzc2gzcWNoK0RnbUoydWMvVnk1ZXZLY0oyWHpEdjlGTEJjdTJsc1llbXV0eVlKekNEWVFPM3kzWnc3SnMvVnplQlpOdCsrNGpDMmt4Q0ZTRDNOWXlHc3puRHNucnBMV1hiKzY5WGt4b0s0VExleEQ3NGtDeW5KM1ZTbU45aU5pMm5FUS9ObFltdEJ6ZTB2anZRM1JTckdBTmJTUW1OSHFMTy96NGdvOWZLNDN0akdkWWNYMlJCenhjY2t2NnlwLy9sMEdVck1lamt5V2JUUU9NeTgzUUhUMVgxd0FudUdIZnFWL0xtVEJsVFVmQ1pXOVllckpFbENOODEyUHB0SDMyU1Yrc01VdSs1bC92QVRuQlBqOTlzbVRPQnhYblp5UGFBTXRsbjNZRDVxdDYvLzZWRXhlUzJlUitIeW55K3NTTWNlZGpSQWpaOVEzZUV1aWdQbW44RVUyRGxRNVB2SHN3YzNQWHJ3VmRQVHhWZGhOcjBtbmc2eVJBdmtPdXpkcU9RRlpaamdWNWxiU05WZz09 -------------------------------------------------------------------------------- * DO NOT TRY TO RECOVER FILES YOURSELF! * DO NOT MODIFY ENCRYPTED FILES! * * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * * H2CvmnjR

URLs

http://avaddongun7rngel.onion

http://avaddonbotrxmuyl.onion

Deletes shadow copies

Renames multiple (171) files with added filename extension

Enumerates connected drives

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Avaddon

Deletes shadow copies

Renames multiple (171) files with added filename extension

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2