General
-
Target
bb3097aeb6e7fda5480e1de4ec140734b57d66df89bb4315c3947a43494d6f3e
-
Size
199KB
-
Sample
240417-qw4c9abd9x
-
MD5
f1be4601da1979e78ec0f260aaf3b030
-
SHA1
03eeb40b37fe977d8d945ef9c01aa75e037d73bc
-
SHA256
bb3097aeb6e7fda5480e1de4ec140734b57d66df89bb4315c3947a43494d6f3e
-
SHA512
fca0e87596b3149306de8c8df988c1a6aba43bfb9e62366c40842f58513d5726bbc60370060d9a78a766156fbf6fff42ad53de61ad2a76d46c562deae39aaa8a
-
SSDEEP
3072:DBftVMwGl7p3BduP2fD8ADnDbpuSpNkw00jI8IIImxLkl4062v5sbLZBRbh0pWZ:BHqrBjfDn/bpI0M8IJmU40nRsPRbhcWZ
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\Desktop\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
acY
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Documents\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
xk9qJh
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Downloads\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
nMkCeulOu
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Music\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
GJjkS
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Music\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
CoehHmSFoTwMiDC39j
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Music\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
3QG3cTF295eRadK5oGiE8
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Pictures\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
yv
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Default\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
L3mqm
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\4aGp2X_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .baaDeDdadB
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS03L0t0SWdOM1NPQ2wyVlh3VS9hSlN2R1Y1TzhDV0JPRmFaWGhBcmxUY1B0bmZ1K0plQnZwdVJhdC9HVW82Vjl3Y05QdE83SFpvYkk2RU8vbmR3REFjZEUwRTI0QWNiRFBScWlnbXlralZCVWkwNmtDbVd6eStVZVE5aUJBSFRkWUdyWVVldVRLTlRLeWlEcDBvakJLaXBSZVNXTXdCRjNXRGhPT1lCWS8vWXZMSVViTkt5ZmtEd3g0T2dVbWNQcys3VFFxUDlHK0xJaXlHVFhTRXNvZ0RIYXlXNWE5bXpsUmJEVk5ObDFmdHZ5WWFHN0JxanZzQU5oWDBOU0NRaFNueXdVdEIxN2dpYlhWRkRtdXM1b29SdVNUYjM2RlJLTElLY0w0UStvTjYzTmN4VU92NzdsaW05VVlRdUZLM3ppOHNIUi9XaGtoTmsrVEhLa2YyT2k4M0NXb2VJTzVUL2dpa2srQzQzRlMySkxRUjN4SDlscytaZStuazFXQjZnaE1yMzM4UUZBcXNKLzQ1YnBOdGVvejVmbWN5L0FWZEg3ait4ZHdqMjFqNkNuTTY4L0VWTGR1TU5IcHZTVHB5aGtYSU85alFmS05CZURkSTVwcmlSYktYVUhQM1VDSkpnUDQ3akJsU2Nna1J4UTZHd1lJamlNL1JmZ29sUTZJNTVOOHdORmtseFFXYW95R0ZKMFBUS0RJa0Eya3JpY3VOOGJvNXpOVUc2N1NzOEp3WUhRd3FxMXBXZWpPUU1lV3Yvdkx4dDdGc3hERmsrK0s1a2JMdCt1OVd1aHphR3JRNmRJV3g3cWV2TDhyT01BeUFNTnFFMkF4YXdoL1dnTnlCVnVQV0dOeFBUdDh2QThFR1ErOU1nUHI3M0ZLK1BwMDFwc3dvdUllZ1B0alpZUEhjcEVRR2c4WmtNNDVBTC9TczRMUTVTWWprWDhnQStac1BPbEtDR09HWi8yTGlIc0Z5RnJaT0QzK0hIcFZGWHdJa29KTFhPQ21ZMU9Dc1J5ckxPMzIzWTRIcU5WMmVSU2ZqSXIzRHFBTXQ0bW1EeWhESHlVM1hRL0MrUUcvd0FNYWJVK2xxangyYkgwK25sYjI2ZVh0Y2N0VlVJK1RPV05IeHdYZGkwWW1xbUJpRXUwTUtLN3lNMVRicyt3em1Fc3E5TldQQTByUkZzK041ODEzeW4xSXd0YzcrWkl6cHlsQkpEWTlIZVJ5MXVucGF2UWpocHAxbDlXcGNMU3l3eitwUmNUZVJpay9oanFOd2dFR1dYcU92SWdDZEZKYXh3b1NtMytDQlRUTjhFa2R3VW1RbnRXWGUzYUZZSGN0QUNxNTFxY2tCRVF0aEtxSU9FR2pTUU04Vk9KRGhGdkhHM0lxWmMxcDR2OE9hVTVYV3k1cEFpaTNpTU42cHpPUHFZN2JaNzh2UURPNWZaOWFLQzdmWGtFbzdEOTQybitqQmxYV09CWUlkcnRWMlQwKzd5RFhNTWFPczdGWjZqVStrTCs0ZTdka2RGMXo2VUxsT2xmRk53YnZEN2NYTkF5dWpoTTFoOEVCY0RmRW1KOU0wVUJsNXQ2aUF1MjVyQW5Obkd1S01TbUtjblNCcXdUektFRU9oc1VFNjlnQzUvL0lad3Y3RmRQcy9PWWpxZ3Brb3VnRUVZVlN3Ylo1TVpTaWJBT2xvVDVObTlmTTVVaDQzeld5dC84K2tJSko3OFRtNitNTVNYaVJ0bktvR0R0R1pnV3RlNVY0cTZHbFd1a3d2dEFDNjhYV2RUSnRvOUZWdWVjTUpZL29hVlhCUmI2emNZa3ZpR0c1NEN0MHIyM3RVbE8zNC95OGc0M1dNZVZ5dHI2QjIwYkMrL3dmQVRBODNyemJ2aFpxQmFhcHc0c2RtUHhyM1pOdlZkR1NlUWhReTh4QlV1MFl3RU9WUlY4dzRWb2orZWxIMHdIaWY5V0NqRjc4cU5hUWJsaElqY1lXUDhYMXN4eE9hSSt5dDBNVE4zOHhiSjB0YUo2c21QVzgvbHhHekwweUJvYnBBMFEyS3FLN0Qyd2JyRmJRdlVqYUpST1VaOE1ybm5JUXhHTXNQbDFscENZanZuWTBCdTlvQ3NDclRmVHNzbmFici9uT3N4ajh1Rkkxb09rNVpBUG9NbzFUaU5nY3d0YmlzQT09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
BftD6fyOh
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Extracted
Path
C:\Users\Admin\Desktop\kfhhI_readme_.txt
Family
avaddon
Ransom Note
-------=== Your network has been infected! ===-------
***************** DO NOT DELETE THIS FILE UNTIL ALL YOUR DATA HAVE BEEN RECOVERED *****************
All your documents, photos, databases and other important files have been encrypted and have the extension: .CBdDbEddd
You are not able to decrypt it by yourself. But don't worry, we can help you to restore all your files!
The only way to restore your files is to buy our special software. Only we can give you this software and only we can restore your files!
We have also downloaded a lot of private data from your network.
If you do not contact as in a 3 days we will post information about your breach on our public news website (avaddongun7rngel.onion) and after 7 days the whole downloaded info.
You can get more information on our page, which is located in a Tor hidden network.
How to get to our page
--------------------------------------------------------------------------------
|
| 1. Download Tor browser - https://www.torproject.org/
|
| 2. Install Tor browser
|
| 3. Open link in Tor browser - avaddonbotrxmuyl.onion
|
| 4. Follow the instructions on this page
|
--------------------------------------------------------------------------------
Your ID:
--------------------------------------------------------------------------------
MTgwNS1QendYZUhqV0xmOTZid2NiRDNwUTZnOTFIMEFYTWJhalRmUHdqTDh3SVpFdkQyelFJTjdlRThXeVRlVTZhQ1pldlAvMUYvQ1pmeVBpL2RUOU8zb3BVYzZ6VGhCWTRtL1J1ZUpub3JoL2hWaU1vQVN0NUw5dmJiSzE2MnE3eUtUWEFBREIrT1RGWjdyenk3V1FLeXpCZUYyTXRLVFU2clN1ZUVlWDRuTGlCZ2JDdWlab1pySDNFV2tWMzBHdGJxa29yK3l0enFlb3dCZUc0QmplQWlZLzRlcTY3S0cwbFNqTmJYOXRTblNvM0N5TDdPMjNMTlIzUlc1L1FKaGJjVkZkQ1V1OVdFK3QrNEFxekFHNTJmWlExSnVQajVWdU9KS1k3OVd3alBDY3NBUTNNMFVpNkorczZkcWQxOW9YZm5RY2FUKzBZYWRXVHZBdm9FZjBGa2JvNks1ZTV1WWF4UlMvdHFnK1UzamU2amZKZm9NY0ZlU0Z6dkxkOXE4QVNVRVgzL2JTUUg4TEF4YVc1K0FoNlRhOWJ4YWxsUlBTaVU0cW5WY21sZHhSUEF3SmRVSTU5VUF6Rlg4TXJXYnRSU25rS3A3L0NTVjNDbGVRY1lVblgwWWp6MlczYTVvY09lT3ljWEhrd3UxOU1PdEppbEplcW1DTnFJT0Z6NHZoT1FXdG1KK2doSHM3Q0I0bDhlOXRWdmJ4QUlSdUxsemQxbE5zcHRUQ0RDTmJUbEpyMWJIUEsyUURWSVcvZWgrYWNoa1FXaDN3OElvN0o3WVNKa0xoZEMzMnRNY3NLY3FmemxtQkxwc3lGSEwwdTBVeWlRcmRPSTJzTjFpalpuYSt6WEpZMmcvL0RFcjQ2MTFSMTdoanZ6VmQxcWx2Y1pGc3FPQjNvZU5SREc5dmVydEhlcnF3YXhOb3hFQW1SRS9CbkwzZG0yazNpSFA1enprN0h3MDdvdlNBOG03Y1pRb29FN1k3MDNnZ0VHcmFSUjBDZU5VRzNNa050cWphQXI2SUJLakZGa2ZFMW84QzlhdCtucUgyamN0cUdiNkxzUHlxV1lJclMrZ0d3b0J5ZFJEMUZwVjJRUkFvblpyYWpURDVOa0tUd2RFNER2Rmd0Q1Jmc210bFF3eEVXUzZjNUZPUzdBZWhqalRmZG5lclhIYnBYdWhXbU1zYWo0Wk45cis3MVFJVHNKMmR4NGh0YlVFMnNrYW5aUm10MW5GZXNwK0pHYlZOWjRXTDZuOXlnV005bHdWbmE0SnRTNVJXeXUrRElObldHOEVycXZSektZb01aODdzalJJQjFhT3YzcVAvTk9ZRDZyY2RvSHNieXl6Q3JMNVZCRnAyQXBoQzl3c3ZoLzRmOHVsK3pOMHE4dUp3c3Q1T3hkSmdoWTlWQmpKcGpOS0p5ajRWTjFJSnpYSm82T0hVclBBdlhhbklFaDkxRkxRdS9Zcks0NjRESVduRDdMVDZpblV0QVRuNGpVWnN0NTdVL1RKVW1xWU0vVTBYTTVnekJ6bmMzN2hiU2RqaS9zMnY4Mkl3d2ZUQW01dWU2VGpBS2ROdDJnTUR0aFVsd3A3dFF2aHp2aEFkbnJTV3ZUMTcwbVZXZHZsUy83RjdVbCtmRHJxQXlQOVVpdy8zUmJIY3gzYy9pSlBEMEFyWkdYTkpMWmkrSi9GWTJENWp1ZjlxbUNOdWdxNHI4WHQvTW4veXA5Skt1bDBiQUJrWm9YNUx0NmhrMGZnSWptQmx3QVJ6ekd2ajl0eFFqajBYajBqYkJuaSsxcHVOcko4YXpWTGZYTGgzN2h5Z3VXMkVIRHFxZEtScjFlRzlGQVdNQ3JqNm9YQ056blJFN1F4bHdTdjF4Qml3NzQ2a2NTSTllT1dRTzFEU2Z2YlBrOHN3Q0g0SG5mZmdBOUtpb1hpeWxYNGNPNENvTjNOKzZ0Y2E5eko3NklQUStCOFl1UHBlMHI0Yml2Zmp1cGhjLzF3TXNSa0RCTzJVMFBHbzE3OTFmczJ4dVA3WS9MaVFBbE9CWkh0a1I3RzhJbXBWSHNQbytXZ0s2K3pKamErbDNKM0NvNXBiME11a04zL25ZdVFRbEVQZUJtTGxqWjc5SENWakkvZkJVTlg2MHBOY1JJQ2Q2eHhaMkJyYjg3RDA0MERIK1o4Y3EzeG5qdz09
--------------------------------------------------------------------------------
* DO NOT TRY TO RECOVER FILES YOURSELF!
* DO NOT MODIFY ENCRYPTED FILES!
* * * OTHERWISE, YOU MAY LOSE ALL YOUR FILES FOREVER! * * *
6oJ3d0jf636DtKr
URLs
http://avaddongun7rngel.onion
http://avaddonbotrxmuyl.onion
Targets
-
-
Target
c14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028.exe
-
Size
483KB
-
MD5
53717dc73f61b0f9551cb62d6fca2e4a
-
SHA1
1ca9304e86632b147852767c85c57e08bdfc8855
-
SHA256
c14dd4a0831ea2548e1ddfd54b9704fe8ad0057924ede041c8c064b66690a028
-
SHA512
ae6ff8377d89cd3d1686c5a6bd7bb398bb975e4e52f7db5fbb0550783d77648558f03a13a9751d0cb6ed993621b12980d54777385802dd4c014ec22ae8d33552
-
SSDEEP
12288:WcvbX8rMmSZJ8t9ZITyDpFGIOyA4muT5WFExk8y:/zMr1SZJ8t9ZITyNzOt4dVy
Score10/10-
Avaddon
Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (206) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-