General
-
Target
4d75581c954c918a546ab2c8b2c6eba6_JaffaCakes118
-
Size
1.9MB
-
Sample
240516-22746sdb7s
-
MD5
4d75581c954c918a546ab2c8b2c6eba6
-
SHA1
98f03205c26eeea5ecca2d4cf19d53bbfb4c79c4
-
SHA256
edf98c8d92926d258cf70c2348ab4c68d31b377cd273b0686f12e3545089030b
-
SHA512
2d9311355319b84cf04dffee6e9d29f6fd308d397eb5da5c2de4511cd02df9166dd7dfc59eb71bf03b8d27939158aee60f0c7e9441b83a7a916d1a5a05b631fa
-
SSDEEP
49152:kOGFuSYku/CreuhEk3l5N52D4U7Q9XUedCLZAx4xeb:k9xbr13lj+Ux4Ab
Score
10/10
Malware Config
Extracted
Path
C:\PerfLogs\# How to Decrypt Files-EE7LY.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by "KRAKEN CRYPTOR".</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
mPKvuO8IryigrWMRM3gXto++v8as0HLiNUEsfEXFmGo4IWrqv9535299aFINLTay<br>o5klt6h3jlO532lKa7iAzSjVPTXA2zI4V435bq6usbTrkARsualOi5GOkcIjsP2G<br>F5D5riwuaJSa/4J7rH9P4ov2Pn6pz6sdQrZYov7B7JjS6UPiCl7/UWpgGOqU+hzb<br>QRVMNxazpZwr34SWtzGhUErMThxz5xuABXyZi+PJ7OLKrYqFxhC+NSmpmV94ta5g<br>pNWYJZqlN1Q5tPxu78uSLsfO+PT6lrSN3AhAQQIhqTRTUUl/KFnGS3IxGDjxm1Tu<br>BKtU4oMIpFPemwFywz9I1AIpLxcYC/viutgqZVkTSlhhJ3X62Ok696D+FseAe2mM<br>W8y01X8rhmA93FrGGhjnBSDODfSvmJwVw7uOBJW1T53/xORe3+4Op78rQYXTf27Y<br>i8Qy7Uyxq0u+XWq1v6+kGMo1l60BDt+xmIx92EiitcYuCOBHLGRMiwq1AdSkrSGq<br>CDmo6eC9eW07cmpgfxdm4oVQg8J6anCqT7ezukaucw9MIBU4uKpZHuGNagCeutAg<br>umvhTVdNShTSrJ7i5ALoirCMQT4kqJfwCUmm9xvCUdN2RF8msh6PaWTlLmj8KIKn<br>bPPkNqflpIRwoWYP/ef1QGQm8VZwAV9dSnizdP8t83ivgpcoFi3ROQB5sdToj/9U<br>ny0rhpkmEzbYPGs1AsopK6ukOz+75w==
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
Extension
<div class="info">
.EE7LY
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"!</p>
<p>Don't delete .EE7LY files! there are not virus and are your files, but encrypted!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that "KRAKEN CRYPTOR" immediately removed form your system!</p>
<p>No way to recovery your files without "KRAKEN DECRYPTOR" software and your computer "UNIQUE KEY"!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your "KRAKEN ENCRYPTED UNIQUE KEY" you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.125 BTC), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<p><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click "BUY Bitcoins" then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com">https://localBitcoins.com</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES.</li>
<li>DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY".</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY.</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE.</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project "KRAKEN CRYPTOR" doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: "NO PAYMENT, NO DECRYPT".</li>
</ul>
</div>
</div>
</body>
</html>
Extracted
Path
C:\PerfLogs\# How to Decrypt Files-P2IW9.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by "KRAKEN CRYPTOR".</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
CcfcaLvYcFDD8AA/Xk/lPSpjgFx401BewjquvHfpqqE9EMBjN93zR+IKYPjfwobC<br>qcKlszbKvtDtvkbMIzCWWmT2CXxkQh5SFuDgshOYiFL0uiLaaZSjd6JcfhyD6oKE<br>2ZucPmxbQJNpv3hZ3IafahEY3STPSEEGHeOhwZkiMAjYJmRRYITT/fgfUJ24pLFi<br>3c6FABsXs9HjsRljEQW74ywN4ZUqTxZjPpjJhWCgFgU9f99T6tbUBx0gUSudOeN5<br>z5szeuLIrK5wP5ETV2Gn8YXmE3fiTps65YrtEgdWG+HwirMM7Zd4vdjJysSGgj7M<br>g6e3g6tbyPM3aet9jWMoepdAO1pAbyM5Zm3z3uodsLcVkvXgdyFeD4dJgAcwPTWO<br>j2iIP3U7zEN1K+qJ7cg9ZQsy1lBiKLJhNdvVh/mDk5dWjEVdTnFx6FvdfehpvUoT<br>uXnIGPHqt9ndG2s08Fb8gB69CDgz9lIL5bZIe9qf3doysTlAxmgVVZnnzOHNAaHl<br>eFNhKthyFQxvibmgi+xTSoAHJD4Nc8vtkKJ3AmEwT+qOem/sPx3gbjWt7yAtheAJ<br>ThQJwdhbsYpAGtWdbDdZu45LHhDh783FjKSPEBFut7lRrGwYfT0dlfC3PHnxLrDG<br>IxmZHQPXmY2+YuGWcTUO6Opcz76XnOmtsS3Aoj9oZmf2EgjJanCQXr0qVugmI6zj<br>+KaH+WNZ++FvzM1SLrokFA4xPIAcaw==
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
Extension
<div class="info">
.P2IW9
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"!</p>
<p>Don't delete .P2IW9 files! there are not virus and are your files, but encrypted!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that "KRAKEN CRYPTOR" immediately removed form your system!</p>
<p>No way to recovery your files without "KRAKEN DECRYPTOR" software and your computer "UNIQUE KEY"!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your "KRAKEN ENCRYPTED UNIQUE KEY" you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.256 BTC), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<p><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click "BUY Bitcoins" then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com">https://localBitcoins.com</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES.</li>
<li>DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY".</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY.</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE.</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project "KRAKEN CRYPTOR" doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: "NO PAYMENT, NO DECRYPT".</li>
</ul>
</div>
</div>
</body>
</html>
Extracted
Path
C:\PerfLogs\# How to Decrypt Files.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
<script language="javascript">
function aIndexOf(arr, v) {
for (var i = 0; i < arr.length; i++)
if (arr[i] == v) return i;
return -1;
}
function tweakClass(cl, f) {
var els;
if (document.getElementByClassName != null) {
els = document.getElementsByClassName(cl);
} else {
els = [];
var tmp = document.getElementsByTagName('*');
for (var i = 0; i < tmp.length; i++) {
var c = tmp[i].className;
if ((c == cl) || ((c.indexOf(cl) != 1) && ((' ' + c + ' ').indexOf(' ' + cl + ' ') != -1))) els.push(tmp[i]);
}
}
for (var i = 0; i < els.length; i++) f(els[i]);
}
function show(el) {
el.style.display = 'block';
}
function hide(el) {
el.style.display = 'none';
}
function onPageLoaded() {
try {
tweakClass('lsb', show);
} catch (e) {}
try {
tweakClass('lu-orig', show);
} catch (e) {}
try {
setLang('en');
} catch (e) {}
}
</script>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by “KRAKEN CRYPTOR”.</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
sx+vb7ErISV2lLl+qYt5CXmkqvQlmiwjsbkVKY7/jfxUxW567yLb1Md1MEqqozYk<br>2nSAn0xkRJtWIIj5DPKfJNXG4WAIREXFutCHBGhmkNDAf/2m496WhCMMjiQ3AbAy<br>AW0aBrdDgVBZGGpeqZaS9lsPTV+PHM9Gt5BHnuvBr+yW717MpE0q/eiR1+5APBW1<br>oYUKleb4wuV0eeUmn32ZZ/+fR1HnxD3+ATp8U8DLlWqwbJKMm+bWQAMhR1py2Fxu<br>I95UMDgKK2dVlrFDMXOzKkJWDohHKr8OfdtRFlVvRDAt4tGCo3iIZfQQ7BosBHLO<br>R1K65N8U2cdyuJiqsts/eMzOHqH/+HZ/XaBk3fLHVBrAaHy83MpRc2nM/1nJcOv1<br>nS8nmFh/Ri06ODj16MEj588k6dCYKu5L9TS4HqDseY88xI6+gP+8Ug3t5/PA/ZXx<br>8tpcz2xh5GO3dPzwjR50V/XaNWrtTzya+k4UEf1yMjSPrPdPJDtAQ4EEwcJsX/ON<br>uDGFMR9w8lYcBDmnHPXzbwrcDI9mK+Ow/+KU7Xqudez4J0G0rFkQP1DmXUBU/z6V<br>8Se23PY6afuDgxjk8jt2/vMGp6pWZkiv7ruLAJV5ol28UulR1V/rB0PZoBtSIaew<br>Rm0+qi5cOg3euoyIa13NaNjP0GxpGSMlRw5F+6VfbCaUKqYmlgIi5bUXmd1rdX+J<br>5aDNYicrn7x7c7NqKCM7qWcurC7AGA==
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by “KRAKEN CRYPTOR”!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that “KRAKEN CRYPTOR” immediately removed form your system!</p>
<p>No way to recovery your files without “KRAKEN DECRYPTOR” software and your computer “UNIQUE KEY”!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">What the mean is encryption?</p>
<hr>
<p>In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it.</p>
<p>And those who are not authorized cannot.</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your “KRAKEN ENCRYPTED UNIQUE KEY” you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.125 <font size="3" color="green">BTC</font>), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<br>
<p><strong>Note:</strong><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click “BUY Bitcoins” then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com/buy_Bitcoins">https://localBitcoins.com/buy_Bitcoins</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES!</li>
<li>DON'T MODIFY “KRAKEN ENCRYPT UNIQUE KEY”!</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY!</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE!</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project “KRAKEN CRYPTOR” doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: “NO PAYMENT, NO DECRYPT”.</li>
</ul>
</div>
</div>
</body>
</html>
Extracted
Path
C:\Users\Admin\3D Objects\# How to Decrypt Files.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
<script language="javascript">
function aIndexOf(arr, v) {
for (var i = 0; i < arr.length; i++)
if (arr[i] == v) return i;
return -1;
}
function tweakClass(cl, f) {
var els;
if (document.getElementByClassName != null) {
els = document.getElementsByClassName(cl);
} else {
els = [];
var tmp = document.getElementsByTagName('*');
for (var i = 0; i < tmp.length; i++) {
var c = tmp[i].className;
if ((c == cl) || ((c.indexOf(cl) != 1) && ((' ' + c + ' ').indexOf(' ' + cl + ' ') != -1))) els.push(tmp[i]);
}
}
for (var i = 0; i < els.length; i++) f(els[i]);
}
function show(el) {
el.style.display = 'block';
}
function hide(el) {
el.style.display = 'none';
}
function onPageLoaded() {
try {
tweakClass('lsb', show);
} catch (e) {}
try {
tweakClass('lu-orig', show);
} catch (e) {}
try {
setLang('en');
} catch (e) {}
}
</script>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by “KRAKEN CRYPTOR”.</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
XyRIStY73QWK27oRwwLiz0Z8OAsN7QurakZS8FGwIA4fqU8LcIvx0JVFtMCUxIt1<br>SflGXIkSTA+qPBaGhmcUe0wgAzj2wWvPVf5mW1P8iY9dEs+BaqQ3m2YmpI02EFcO<br>5HoMjGant8PYpRwPvHzz/IW0pEU7ksgTG3XgwFjruR0wPVOd+xZwgRCYZguHJR8k<br>NGhjAAHmeuM9xYI/ustE/bU+C53UmC4Tz0UkTgYfUeDEPiDs1o4axgRkDyK+lxOJ<br>jqJldr7MLD74OYLmuVqXGx/TwFyTHAJs2wNIcrcnUk98q9MEVmdsblq4Ed0E3mTw<br>Q9Ndt3tcfX9CaXfTFtHdxXZIsJ2SYih6T6YLgAo/vOchdizYoMNnyCBxXGf5YoiB<br>35LWkUxS4pJjF/xRPnOaNxh3sfk+/73lgRuiGQPMYgxlzWAw71wqd5iqov0p1FHn<br>66l9AvisS2EyqqBrfvIh/JFFFdbNYMWCovERWHQcsu/+Y9wk/S77+2e2DWfx1vnL<br>GkGnkCgyhdaqjSxEWoKbeDJL2ohiksErZAurmGfqoigpB8wr6AhjYTE2gcvNrt7F<br>KNYhLoVC0imIXA0gR2ervq2B1vyuPX/gMEBmVUXW9LxgH71x/Fffe2jr+4fLikKz<br>gwHwVsslnaF1ApkCrzyy42lcUWGiYuwiB1JZsYKGPbcwNcoxNKBUYRl1j3GsrP1R<br>FINAQ8q1rtVDDAyYgq0YBg2hgScIhaQYCEXS9AC/6p7G
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by “KRAKEN CRYPTOR”!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that “KRAKEN CRYPTOR” immediately removed form your system!</p>
<p>No way to recovery your files without “KRAKEN DECRYPTOR” software and your computer “UNIQUE KEY”!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">What the mean is encryption?</p>
<hr>
<p>In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it.</p>
<p>And those who are not authorized cannot.</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your “KRAKEN ENCRYPTED UNIQUE KEY” you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.125 <font size="3" color="green">BTC</font>), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<br>
<p><strong>Note:</strong><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click “BUY Bitcoins” then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com/buy_Bitcoins">https://localBitcoins.com/buy_Bitcoins</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES!</li>
<li>DON'T MODIFY “KRAKEN ENCRYPT UNIQUE KEY”!</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY!</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE!</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project “KRAKEN CRYPTOR” doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: “NO PAYMENT, NO DECRYPT”.</li>
</ul>
</div>
</div>
</body>
</html>
Extracted
Path
C:\PerfLogs\# How to Decrypt Files-BGOZ7.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by "KRAKEN CRYPTOR".</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
lJ8PZoIjK+u8FPS7oQACb+CCOSglUHdcVK4bF9+JQAkVB9O/soLW9vHThz/2Ckoc<br>53TdyVEr4tJOSg4ygyeVdJWaMwHUSgQ+ZSOAVJjJAqujAzyZVNFiXIiBhvo7taqa<br>VmmFYKP4kpLM/sBnpalXBil+/sGXYAS6jRSvNlEUGSPV5xUApLQjFzGAToh0SRHU<br>E/g5GGtu7BvroLU8bs0Dne3eHm3/zMk8g+Au2bHBnrjtgZEV/zCNp5MWazDcaO3E<br>E1xhnO+cPbL6gSLAE8qvuioxrnf1q9WT+mVgUWGY0cSCSgnzAkqnyQyV8v9WaBqU<br>yXqGbx4Fzv3Lf4ejQwPSne0eLDOqsOA/g3tnQUC4niY7WYq4T/qXBDpAwV1DxRwS<br>63w1kJt0uvaKEImcd8OQDLLZvINAiK/7pVmPcMCSKOc1LddJ9ntuEFrvYP64j0js<br>bVPSFtNw/yQcfKlQ5FwT42ZIvBAv6gooa/qaiMjkw4skrvDFM7yOGhoagRy49kns<br>lxdhMAq0W/juiqjCjT5/TmqC0FlagWfiRTqiy1bOnHs2u3q2mIORPIfO5mKxMdt7<br>sUHOkwTc0zaQuI/rPDbWXiuglIaRXTGtwNai8+B5Tq1TSQU9LAEcHwdb0OgwxyOY<br>6jtYDcsZjdntJftz0Xvl0PvsU46GdfYLvBr15+wCP29COeSc3JCXDHdJ+opmcV+3<br>6Q307+4t7D4aHAmsYaqLl4XBorNQDg==
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
Extension
<div class="info">
.BGOZ7
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"!</p>
<p>Don't delete .BGOZ7 files! there are not virus and are your files, but encrypted!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that "KRAKEN CRYPTOR" immediately removed form your system!</p>
<p>No way to recovery your files without "KRAKEN DECRYPTOR" software and your computer "UNIQUE KEY"!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your "KRAKEN ENCRYPTED UNIQUE KEY" you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.125 BTC), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<p><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click "BUY Bitcoins" then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com">https://localBitcoins.com</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES.</li>
<li>DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY".</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY.</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE.</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project "KRAKEN CRYPTOR" doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: "NO PAYMENT, NO DECRYPT".</li>
</ul>
</div>
</div>
</body>
</html>
Extracted
Path
C:\Users\Admin\3D Objects\# How to Decrypt Files-YKTRY.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by "KRAKEN CRYPTOR".</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
RA6Q0UgF4nksshZJBqpqXwXCksf7fD65bP0ssMI/JRYPtjTYXv6begIBASXhJQ5h<br>vE01iwc6kSCpuQwGnZrHfR5s7oEtBV2ycRTHUMpoLcBrjin3Ux3oeeP4q+6wsYnt<br>1BOc5KhR5gV5AXo7ZuZ9T/RPBiLp7oIrOlbznL5PZZYsQPO/CwKRV94fowxGrAv8<br>zbymmjGNIalDX91lsMT9QHsEAfvTVwAhNnKz9+w+x7q1Gj5DxVOgzgHdzjEtWVQJ<br>Raa37vF+pz5U0So8Z9mEAKHF7OEzpfeqEqrK28ufg30KEBhRPIJF82EZks7rEJwE<br>wbotCeRIxh5lf7Fu+4pUZLxz3IbUEyBjxvwZ9DuKP5UZF8bMKNzxRrCc7IQ+W6fW<br>ED+Q2O4vTk8hu2IJ597d9woBHr2LStFRLwS9msrhLrKxKgZlw9U7zyW9B3EtYp+s<br>pROjT37ZPtjEg5dqtKWARvv0XrQ6+S17YdENhd8h7K26TTm3M1ziChawkBxKr0oK<br>XScWplJjbq52wGPdAMuScdCGlPpZAyUnZluzVYmYac9S1nPnNftU8MX5f9FvJOwv<br>D4BUsmyBR6X75TU1EmL9cIvwM4GuWc5q8JD9sJil82LhZ2LA79EYiWVDX9JPrCBc<br>YEaR1+px4LKgaE5V/fv7cUETNys2/xvtJIZNInotOHIEuS/fVPpa1+Gk+7spBJUR<br>ADolRtrBrfM2joyDT9ynuMGNKLl1VNOwNmBl08AlvOqw
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
Extension
<div class="info">
.YKTRY
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"!</p>
<p>Don't delete .YKTRY files! there are not virus and are your files, but encrypted!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that "KRAKEN CRYPTOR" immediately removed form your system!</p>
<p>No way to recovery your files without "KRAKEN DECRYPTOR" software and your computer "UNIQUE KEY"!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your "KRAKEN ENCRYPTED UNIQUE KEY" you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.125 BTC), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<p><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click "BUY Bitcoins" then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com">https://localBitcoins.com</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES.</li>
<li>DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY".</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY.</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE.</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project "KRAKEN CRYPTOR" doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: "NO PAYMENT, NO DECRYPT".</li>
</ul>
</div>
</div>
</body>
</html>
Extracted
Path
C:\PerfLogs\# How to Decrypt Files-ZTF3Z.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by "KRAKEN CRYPTOR".</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
cjnJODTZOBdddQIBaBNUDR2cQc+sCTqnv5P8fcwWtKsJmrsR2waQkaivBKKyTZfg<br>stSzzAjnmsu8h8+OHlv2iUXXdZL57B7WVXH+3gtzq5nIHfjfDZf1cq8Qd2eY6eVG<br>1NQ1nFDoLHPNS3W6XB4X6UZFzb74l0tyQJ9bXABQuClre4K7BdyNgiHrEw4dbrLA<br>dUYEn/wbrVgapgzyXuMYIRIpfhTE0C38oHlg4b60Bed9bIxshVsYsw4/eJLiidgX<br>PaQV0JqxM0m5XTDIByhO/pajB9O1dgR0hT5fesejOq0EqNcSSThFK+ezEOT5MqWO<br>vmRv18UGIyPZuNwZbak+LP56bMkuvLtT2dA8ZmJhzUX9xX1j1IjsxSm+ANji0olG<br>guu6pqqeEV86K98YQbKX95eVxV46U/sU4UW+COkxhSJvB9HX0JGfajkBzpV8igJJ<br>Un88bNY4KSNzUawVFrG0DrD/ivOLJh7Ek8s8C1cgoqXZe2N+do+81zlp5wsmhMwu<br>YaHi/pyIsczZS141PJ/yECDfDeoHJquJYm9XfaYB8Dcg+m9TTf1xTz0B3DuxXkXD<br>t0QISHljnlu6Qrn25LRlbGBUEUVvajth8NgGY99gLFWxVgx3pS7u519hVzEyelLO<br>UNiDkay4BY8utGq/LOABRSp6jEFUYBbdXjc4IUpTAElkmgYvKunahEbTq9fzzCFg<br>8+FdqBJ/2yG3kiC5vBC6v8zphXoU
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
Extension
<div class="info">
.ZTF3Z
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"!</p>
<p>Don't delete .ZTF3Z files! there are not virus and are your files, but encrypted!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that "KRAKEN CRYPTOR" immediately removed form your system!</p>
<p>No way to recovery your files without "KRAKEN DECRYPTOR" software and your computer "UNIQUE KEY"!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your "KRAKEN ENCRYPTED UNIQUE KEY" you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.25 BTC), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<p><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click "BUY Bitcoins" then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com">https://localBitcoins.com</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES.</li>
<li>DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY".</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY.</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE.</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project "KRAKEN CRYPTOR" doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: "NO PAYMENT, NO DECRYPT".</li>
</ul>
</div>
</div>
</body>
</html>
Extracted
Path
C:\PerfLogs\# How to Decrypt Files-CLHUM.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by "KRAKEN CRYPTOR".</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
pFLWkhdMxa5RgLX5zh9sQ9+6l+oHHsHBr5naGSqLEFWRdHkYtgrO6HhygIg5KfeH<br>AE5wAz2ecNdc6md19GEmJbPNvrj4EWxPfka6R7qhoUsspnHRK7/0TYmPO//QEfpw<br>rXo5p1cBcTObnIFeq8P1JbDkL8SJzntQIw8y2S5IPCjZw1+hXINIctOS3ZUM4azj<br>ABDS5cElQQiRsIZ7z+iJkSnHYN7iaVO+IjkeA7VNPWjrFL0W9ZFG0SvujxuESkKH<br>jf75MiSK7rzXKOcYWvIiAqqoAmAMW2uTCxrIeqPSKAil/Cn2bHcd9MGFXcMWluiu<br>84Xwi+BayMO/tO46aVo4sBPT2TJTqHJIbWXB7wOj70mkZJmgO+kZfH0fxv8TcEcO<br>9sfnleaYSwHFnjbR+aBRPVP3DNU13dg5QYXimiDDJDCJ7o3d3PjwieAoeKhTbuBu<br>Scfee+QxfaPQbc3m6koPSUNawW2XPENv5kQiRUYknxTeRAGiCyvKJrd2F2jz0Gjy<br>w4k0+S6selReL3hZ6SEbESVDsPTHfKDOn9nc9YnWITtuODzmCWiEQ8HCgoM1N/X5<br>vhiyjMVdm8HWtiYNgsEByXWa6EPDlBPIqs+amPxX1m+fIFMBc9agqX0/pXL5Hojv<br>i2/Ba8YJka1o+VvZVX3Mtcuu0Sg4OmT4sh2+ZGqsPXz5Nh/yOphp4ZTq8ourt1W4<br>EFujjlxe+EHoAGa81+hbl9ylCRHpiMEHr9OlpRreBZg=
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
Extension
<div class="info">
.CLHUM
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"!</p>
<p>Don't delete .CLHUM files! there are not virus and are your files, but encrypted!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that "KRAKEN CRYPTOR" immediately removed form your system!</p>
<p>No way to recovery your files without "KRAKEN DECRYPTOR" software and your computer "UNIQUE KEY"!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your "KRAKEN ENCRYPTED UNIQUE KEY" you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.25 BTC), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<p><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click "BUY Bitcoins" then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com">https://localBitcoins.com</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES.</li>
<li>DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY".</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY.</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE.</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project "KRAKEN CRYPTOR" doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: "NO PAYMENT, NO DECRYPT".</li>
</ul>
</div>
</div>
</body>
</html>
Extracted
Family
tofsee
C2
43.231.4.7
lazystax.ru
Extracted
Path
C:\Users\Admin\3D Objects\# How to Decrypt Files-EZMXI.html
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Decryption Instructions</title>
<style>
a {
color: #04a;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
body {
background-color: #e7e7e7;
color: #222;
font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif;
font-size: 12pt;
line-height: 16pt;
}
body,
h1 {
margin: 0;
padding: 0;
}
h1 {
color: #555;
text-align: center;
padding-bottom: 1.5em;
line-height: 1.2;
}
h2 {
color: #555;
text-align: center;
line-height: 1.2;
}
ol li {
padding-bottom: 13pt;
}
.container {
background-color: white;
border: 2pt solid #C7C7C7;
margin: 3%;
min-width: 600px;
padding: 5% 10%;
color: #444;
}
.header {
border-bottom: 2pt solid #c7c7c7;
padding-bottom: 5%;
}
.hr {
display: block;
height: 2pt;
margin-top: 1.5%;
margin-bottom: 1.5%;
overflow: hidden;
width: 100%;
}
.info {
border: 1px solid #888;
background-color: #E4E4E4;
padding: 0.5em 3em;
margin: 1em 0;
}
.text {
text-align: justify;
}
.lsb{
display: none;
margin: 3%;
text-align: center;
}
.ls {
cursor: pointer;
border: 1px solid #888;
border-radius: 3px;
padding: 0 0.5em;
margin: 0.2em 0.1em;
line-height: 2em;
display: inline-block;
}
.ls:hover {
background-color: #D0D0D0;
}
.l {
display: none;
}
.lu {
display: none;
}
#change_language {
float: right;
display: none;
}
</style>
</head>
<body onload='javascript:onPageLoaded()'>
<div class='lsb'>
</div>
<div class='container'>
<div class="text l l-en" style='display:block'>
<br>
<div>
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL8AAAEICAMAAAA5jNVNAAAAeFBMVEX///8AAAD8/PxQUFCJiYk0NDSenp5TU1M9PT329vb6+vrv7+/z8/Pl5eXKyspfX18oKCjCwsKPj4/o6Oivr699fX1xcXGioqLa2tq7u7uTk5PS0tI6OjogICCCgoJoaGh1dXUXFxeqqqpHR0cODg4cHBxaWlotLS1/4KDGAAAHlUlEQVR4nO2daVciPRCFaRpkRzYXXNCGUf7/P3zldUZn6O6bSmrDc3I/a/IASaVSqVQ6HQWt55v97rpcLIo/el4cXnr77eNYoztBjZZ3L78KpPJqO/WmbNZks8PoX6p226437ZnuV0ca+9fvsB95M39ptqri4D91vfUGP6m7GabAf+rBey5MVunw/+t17Ug/e2XSu36CyY0A/Uk7j6ncvRKiP2lvjj9fhKkiVN6b0k9vRelPujLEX1bi+EUxMJvHPQX6k+Ym9OtSCd9mDD2+qeEXxa26X7dVpP9QqexQ3OniF8Vhpon/oI1fFH3FD2CAr/kBTPD1PoCkwwM1nGjgb6zwP6yQghmd2+EXxYs4/qyy5C9Wwvjjgyl+UQjv7eX95ZBENwSGc/ePDoKxxvv47qvypne1Xc5n6/lye9W7KavYFnZi+N1Ij7nsbdfTMxPYna43u7hI0VKKP2rhetlMWq33eH03oLe0EFrGIkZPuQn6v7OHitraqwz/O7k/ms3obqixC5ENJXXH8hrhdm1om7gnARs0pX1Zgzh73aXFTR/4/LSO4pfLGckYsV3pGaWX9yRLsSO0fMvlp8RoU3/lJaHtRx4+xXamrzOE1q95/AS/jeNoEUYny4YS2ufNsEmw/QGn+fDo5xqI8DfE+AEmwQNd/gr5GOqCMQOCtl8i4BrcWyRPsGnoTPpdAL/TCR0CJq8BQc9HKMwR8lBS/eiQ48lcW74UmsOJwYhQszdC+MHA5DHtfDU0ewU32IERlLTCj59wo5IRmkBwL8mEBgzzQRC/07nGnaUcTQbWXqnJ+6nAXEtYZ0bY+DP9wpqwo3iIt9SB4SP79Qdd6Xg3Cw+fUhg/NAOit0gjbH3EYmNfwiYoegDh3/NZHD+0BsQOILwkahz04yhlbI/Y99E4YMNbsUh7J9oYUXgGx31leDZtVPjxRibOXcEpPjr5dlPYZ5y3C8P0OsMnMICiYrl4+GtlC+LklhgfDg9/rUQ17MTFTDq4dekr4Xe6cAmLmQAvqKGeFj/2uYb0CYDPLPTS3rEFpa8Aa6F2YoX7pcf6YOBnoZcjOH5GHdPDKHD6so9EgOAujJ5UA5vRTDKFPuiCuuyP+qgZzSxffKJEnXh49dW8bIBdIOo3B/deleYdOjyBqSMXmmGZmHmb4MJJXYGh86y3+ga7HhAtNzxQ0M1xhy5oRZt6OF1J99IcjprRktNHcBKp5ocHDBAt6OdnPj++O9g3beMEtxFvuleQuzArheYBwUUwIRIcJWhAaSmJ0AZoem8nQQNKCxxA71PX/Afiln3S4IV5RQIZXVB4C0YyHnAIat+0xJEPygKAly/5wP+/wgsAZfHBB1/S50Zx/JTecQvaV41HMDOUEsPy5R/DX/+O0IKn+9AJHJxQrB90HxbqFUyg805ZfaAF66tfEIWrD4Ufuj9aof9vsWNPe19+GAKqb76758L8vfo/yAp3/177835NcPf19lT/B1nB7ou3s7/uwL++fGV+X2V+X2V+X2V+X2V+X2V+X2V+X2V+XzXyHwflBWrQlNXQxP80Ut7jpqlxZ9/Erx9jSBOVn3XjU1GZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31eZ31fW/N35ditZBdOW//F3Gt2NWMKxJf/krys0K6GcFUP++T+Fm4YyFybt+GtJnCLTwIy/oSOJS0tW/I0ZMAK/gBF/y+VDvhmy4W+7AXJkv0xgwr9uLRl3zTWjFvyoTje3JrgFP7xBzcz9NuDHFeN+8W4+6/Pj+9PckxF9/kAVLmbhEXX+cD1Y1ghS5w8UjDuJc/1Hm5/0wgRjFdPmJz2GR7mB4MM/puBzyvYp81OqORec6hfK/MRXAtJNqDI/8S3IdC9ImZ/4wkr6BVBlflj04lvp9QuU+Qmr10npN4Au4/tPN6DK/EHn7VPpPqgyP/El3XQPSJmf+LRfev0LZX7SSxOcQJC2/1aR+NMvUGrzU97jKF6T8dX5Se8MMe5vq++/CB4E5/7qBex/WRt4/fhD8Adg1Y7T5w++ZcE6BjCIvwWei7n0+FVnhB8sufT4YSCGcvnxW7gL5pausTl/aa3+wi4cZ3T+1VK6mP8WnBF/c+X6J/7D3Fbnp9OGGlwC+Ibn77UaJkOJZ9EN8x/O1rGDSNUXQ/6zBAiZt2QN+c9jiSI5QHb8NRPEiPp/y46/dg4p8h63Y/4P8+TXmr9+Cv+T8n+aKrBJPAZtxt8QyYooHu/P39SRgAU142+KRAuU/TXz3xralLjUasXfnETzc/zn5hwmfuFKI/5x8+MT/NcWjfhbwrg/Zv/YVsGWbUFt+FvLt7ItqA1/a/lNtgW14W8vIMy1oDb87WkcXAtqwj+uWvm5PqgJPzgE41pQ7/gt14Ka8KMsCOYu3oIfvj/A3MVb8OMTMF4YzoIfJ/HxdvEW/DiJj3eDwYAfv/9TlKwrJAb8uPY404Uw4A9lELAevzHg3x+HSH3W6xP5/rKvMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vMr+vfjp/0wXRJv7jqneJWjVdLGji/0nK/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L7K/L76DxuakMqfwNR4AAAAAElFTkSuQmCC" alt="LockLogo" />
</div>
<br>
<p><samp># All your files has been encrypted by "KRAKEN CRYPTOR".</samp></p>
<p><samp># Read the following instructions carefully to decrypt your files.</samp></p>
<br>
<div class="info">
-----BEGIN KRAKEN ENCRYPTED UNIQUE KEY-----
<br>
PNc7DobMl5ufpby8GZ5xiSHFX8QCHRPiXPj6RtNYGnloA+qFnfdwaLfPE3TwaPJv<br>oWSgi7Q5kxHi1nF+c3OJN9Am0J5nK+8lPSEyO+CGksU+JqjWPI4LMhGZlU+M6lR2<br>zbwGEM8Bf143Z3tN/ncy4ldOtdiK1/g+8pYx3DY+t8vF196z65CuQsI6InITZFv0<br>KRdBQ4b9fE8am9vj0YYDurTyrh5kXua4eJuuoo2o1j8QJ3/GyvAsONKncPPiXpGz<br>5uCWbencpSQxaFXwo7e97WnrNv7JVeckF8HcBEhPMmwQhG0UJ9LGvzBzKcRwZqEj<br>+Cfl4HFwSu2WUmX5doOsyEAD5USm7mzBRP6qP+4QhIlVnIOG7gxA72q4Aw9N3KXj<br>gCJEmwXtJZN8NbKaS6G9CqS0Kj6JgzesDEVTO9l4CVfqLdOcJOqaNVP1G/YO1uZe<br>RnvhhVBHIucFWqVMnPh8mLTJF0/mQUpElQ3EO24zCwtLzEvByJ83x1ugTQIE6PrN<br>FSKSmhmStcZVUegOvg210sObVSgZTQ3UW57PQ3+AGiSdz74a8tDYwxjf0pU8o7W9<br>f1Boo//sxSLmI9P+TA8pEh9SNAW45irMz+2JlCNRJy8LFZopv/HApvVkrTdFTm8X<br>zYk8n0dR1lx93REpfHUWNLSAN4+ZYP7YfM9ddliEr/DYHWRJiWz4KrOMn9Lovct3<br>jCEEAaeRoLde01wwkuKST9rktiuBxwyOEcdj6HAZtcli
<br>
-----END KRAKEN ENCRYPTED UNIQUE KEY-----
</div>
<br>
Extension
<div class="info">
.EZMXI
</div>
<br>
<p style="color: #D91E18;">What happened to my computer?</p>
<hr>
<p>All of your files such as documents, images, videos and other files with the different names and extensions are encrypted by "KRAKEN CRYPTOR"!</p>
<p>Don't delete .EZMXI files! there are not virus and are your files, but encrypted!</p>
<p>The speed, power and complexity of this encryption have been high and if you are now viewing this guide.</p>
<p>It means that "KRAKEN CRYPTOR" immediately removed form your system!</p>
<p>No way to recovery your files without "KRAKEN DECRYPTOR" software and your computer "UNIQUE KEY"!</p>
<p>You need to buy it from us because only we can help you!</p>
<br>
<p style="color: #D91E18;">How can recovery my files?</p>
<hr>
<p>We guarantee that you can recover all your files soon safely.</p>
<p>You can decrypt one of your encrypted smaller file for free in the first contact with us.</p>
<p>For the decryption service, we also need your "KRAKEN ENCRYPTED UNIQUE KEY" you can see this in the top!</p>
<p>Are you want to decrypt all of your encrypted files? If yes! You need to pay for decryption service to us!</p>
<p>After your payment made, all of your encrypted files has been decrypted.</p>
<br>
<p style="color: #D91E18;">How much is need to pay?</p>
<hr>
<p>You need to pay (0.125 BTC), payment only can made as Bitcoins.</p>
<p>This links help you to understand whats is a Bitcoins and how it work.</p>
<p><a href="https://wikipedia.org/wiki/Bitcoin">https://en.wikipedia.org/wiki/Bitcoin</a></p>
<p><font size="3" color="red"> This price is for the contact with us in first week otherwise it will increase.</font></p>
<br>
<p style="color: #D91E18;">Where can buy Bitcoins?</p>
<hr>
<p>The easiest way to buy Bitcoins is LocalBitcoins website.</p>
<p>You must register on this site and click "BUY Bitcoins" then choose your country to find sellers and their prices.</p>
<p><a href="https://localBitcoins.com">https://localBitcoins.com</a></p>
<br>
<p>Other places to buy Bitcoins in exchange for other currencies worldwide:</p>
<p><a href="https://www.bestbitcoinexchange.io/">https://www.bestbitcoinexchange.io</a></p>
<br>
<p style="color: #D91E18;">How to contact you?</p>
<hr>
<p>We use best and easy way to communications. It's email support, you can see our emails below.</p>
<p>Please send your message with same subject to both address.</p>
<br>
E-Mail
<div class="info">
[email protected]
</div>
<br>
Alternative
<div class="info">
[email protected]
</div>
<br>
<p style="color: #D91E18;">Attention</p>
<hr>
<ul type="disc">
<li>DON'T MODIFY OR RENAME ENCRYPTED FILES.</li>
<li>DON'T MODIFY "KRAKEN ENCRYPT UNIQUE KEY".</li>
<li>DON'T USE THIRD PARTY, PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY.</li>
<li>DON'T ASK PEOPLE OR DATA RECOVERY CENTERS, THEY ARE MAY ADD EXTRA CHARGE.</li>
</ul>
<br>
<p><b>Additional</b></p>
<hr>
<ul type="square">
<li>Project "KRAKEN CRYPTOR" doesn't damage any of your files, this action is reversible if you follow the instructions above.</li>
<li>Also, our policy is obvious: "NO PAYMENT, NO DECRYPT".</li>
</ul>
</div>
</div>
</body>
</html>
Targets
-
-
Target
1acfdefd7d823688159e6369f5f32ec4.vir
-
Size
197KB
-
MD5
1acfdefd7d823688159e6369f5f32ec4
-
SHA1
12431515b0bed686a64f27f536644c0d7b8415a8
-
SHA256
a33dab6d7adb83691bd14c88d7ef47fa0e5417fec691c874e5dd3918f7629215
-
SHA512
58fdde7a44db2f789bc28beae582c49a3708b5df5f147f2f3ceebf0ae1e6003ebf68738af3d1708bfd59dc23c7e4938cb1b0495b91a8b8910b96a9db250bb3d1
-
SSDEEP
3072:71Vr386ETFhDhJ6jOhrPOwMeEaUZ66loC1bI6RCXFt8NtNEi+OZhgahY:71Vr3iHbPOwMek66lo9t8NtNEi+OZNh
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
20de026bf4998364c894a00f7a97df60.vir
-
Size
99KB
-
MD5
20de026bf4998364c894a00f7a97df60
-
SHA1
9db4857e4894082aa77c5f5b82009f2028f8fc51
-
SHA256
7f8cb81aabb63a3bb8806b9c055582bec59ef104362316dc164dd686128b9246
-
SHA512
10894d234217ba24391d5de14e40908cfb13ae367e943b34fafad9c6bd5caa937501f1db04ee43127171d40d7d185fa09cf3de8f765b89aa706272ee6c0596dc
-
SSDEEP
1536:R33ZAoU8Ed7fzXfQFlj8+6a+Vpvy/eKaO/VChHWNvw0+pDi8P19Exk:hZ3EZf6A+6a+Vpvy/ead22KHDDPEa
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
-
-
Target
353b1a5ced1e9c3341cf45160576b852.vir
-
Size
90KB
-
MD5
353b1a5ced1e9c3341cf45160576b852
-
SHA1
c86dfcef3b348d59391d8e4a724b6328a4cc97ea
-
SHA256
cae152c9d91c26c1b052c82642670dfb343ce00004fe0ca5d9ebb4560c64703b
-
SHA512
92329753aa2158cce3bd662bf31674022ba29eb19a880be26531966068a6808789f034dc1358fcb10d815570940b2c13d40f4f7c2bbb26e27bbf550db1d234fc
-
SSDEEP
1536:oMv7odcxk1p242SAlFkJ2M8xR5AnbFDPWrRBHoiVUhsoEjqZ4S5sgUgb6XY8r88W:dtI52SAlF82M82EFVdVUhsoEjqZ4S+OD
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
37a4514026f67eeebd5a8f6786a92e30.vir
-
Size
90KB
-
MD5
37a4514026f67eeebd5a8f6786a92e30
-
SHA1
937d554ef099cf95ed6004a677998c8dba0a1d98
-
SHA256
6c4a1f74de712ee096140aba680c37ed6b7cce8c412f1e2defaee84a556c163a
-
SHA512
66373fc7ffc0a3b1b6aa147523aeb18ecf04a768ee3791a13e3b0e9dfa7fb261284b748adfeeccaf8cbdb275d61cf56e8c9696c1ca0428fac487ca734f07af61
-
SSDEEP
1536:fMv7odcxk1p242SAlFkJ2M8LROAnbFLPWrRBdo7VUhsoEjqZ4S5sgUgb6XY8r884:gtI52SAlF82M8RAFz0VUhsoEjqZ4S+Od
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
60121ea2ab380455f7e143cd9438443e.vir
-
Size
98KB
-
MD5
60121ea2ab380455f7e143cd9438443e
-
SHA1
091fd74c5caebd9f53c34781ad6b0241883fe698
-
SHA256
b8f7c90cd170ba8c79c472997c17509e2d241a54a9cef7efea4dac23b043afe8
-
SHA512
3f42a0756999d6441721f8d4663c8af677c895c4e11ddff25d7a1216b3b4a015b7d3763c0e06f616f73eb5e9df3b42e07baf8d5ec910632f3e275c8d2fd388e6
-
SSDEEP
1536:AnTUL9I230W6mN+ZGCHMNzKR1iFAGGR10p67LsJmFMbchiRO1mbF8VrdCKcl:skC2++p6/PMbcskdhY
Score10/10-
Clears Windows event logs
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-
-
-
Target
6ac062d21f08f139d9f3d1e335e72e22.vir
-
Size
98KB
-
MD5
6ac062d21f08f139d9f3d1e335e72e22
-
SHA1
9e967a759e894a83c4b693e81c031d7214a8e699
-
SHA256
564154a2e3647318ca40a5ffa68d06b1bd40b606cae1d15985e3d15097b512cd
-
SHA512
0a02068f6e22a41f4037d01882e32fc7bacf515818cf4f721960b987393da6b1d32ff4aa1b5fa73d546908cb85ded211061b37f4731ed643b8182909008a6892
-
SSDEEP
1536:0bPX/gJxDFgu02gM+LXbtQ5IxWwbglROAnbFmYVKCKclF:0cxz1gxXSNwbYcYVKhYF
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
-
-
Target
6db9f96b1c56bcb56bc88904683465da.vir
-
Size
87KB
-
MD5
6db9f96b1c56bcb56bc88904683465da
-
SHA1
dd832f01d83be81a1d3afe8344fe0d0f9c02ae76
-
SHA256
047de76c965b9cf4a8671185d889438e4b6150326802e87470d20a3390aad304
-
SHA512
8deac0c28648d9d5a018cdb3a68e889214df6599f327a09f5d30f5d3d78a8cacbff6c37d6048e6fb362c028c6310c848fb08a1917387bc1960b4ee0f368052d5
-
SSDEEP
1536:onTG2LbwZSWG/Ib9hrsg/KNj1zmymisF6PSovbFyxjRB2GuxaOzD4DuypgWRxmY:on11Ab9hogydlmyEAnvb6Y85pg8o
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
71f510c40fe511bbc6296101698124cf.vir
-
Size
85KB
-
MD5
71f510c40fe511bbc6296101698124cf
-
SHA1
e9e13458cff0f31263d802b1b31fc0630aef35fa
-
SHA256
61396539d9392ae08b2c9836dd19a58efb541cf0381ea6fef28637aae63084ed
-
SHA512
6ad376423ddc083b002d8b712637834eb671ecce59dda81e8230fee6b97c6f7e2ab2da66cdfc3313619bfa7aa337d861362e8004976f5509579a3a538511f6a5
-
SSDEEP
1536:8061QgflMyFL1yxvBW65jddjG3PbzztFRO1nbFDFQtqCKcl:806QKlJE0qdgPbzzMgtqhY
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
74e40db78ff482c904336c92e5702683.vir
-
Size
92KB
-
MD5
74e40db78ff482c904336c92e5702683
-
SHA1
f658ff3be7916158ac27ded4a9e15586c794a7fc
-
SHA256
42be9bd6089404ffe72b9f728a9e01902e87844215735e71e62207ea9939875a
-
SHA512
7d73191a4294ab6a23ba405f760aba3ba04f9085b2a1565135b07446d402eec83e729c3620bd56c42e07fc568acadfa2d4076460396038affc71c98944d94a70
-
SSDEEP
1536:Eu9ZnfCDXBTambyG5WzWwbBIRBxnbFswTWGKcl:EwCDxH9wbUhW1Y
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
8245c3b357c4dfcce7e058464c58c5fe.vir
-
Size
99KB
-
MD5
8245c3b357c4dfcce7e058464c58c5fe
-
SHA1
82c5f666ac6e8ef1f886c058d3761c50d9b90567
-
SHA256
d5f21ec21489e4ec2809672b6981fb9b21dca30952fb1ed18a0907b54912aa9e
-
SHA512
f489655ee4cbc5f16ce0d1ba2dda8ad9fd58ff8d0f48631a44d8a6f07d8988995026cc455107a17ad34230eb3dd8f1fd4c1450e45573d51f4304311aba027c6b
-
SSDEEP
1536:RWpoiWXY7wb9Zn6jhKV53LuHxp4mmkrkrTpwJx2FrNSjlxVgpo:4dWxj6AV53Lu0mmkrCwR9
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Windows security bypass
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
-
-
Target
99829d5483ef57c05af928322bd5d6fd.vir
-
Size
106KB
-
MD5
99829d5483ef57c05af928322bd5d6fd
-
SHA1
345692e03227cc66634b6ad401dd11b7fcf243ed
-
SHA256
d316611df4b9b68d71a04ca517dbd94615a77a87f7a8c270d100ef9729a4e122
-
SHA512
293c2f47f1e10c2cf014e38b18acdb5ddb8c7781c8bdc0eb0060518e58d312030e72d89357b7d8b4bca1ddac7fd22e68268c8e41a2e2b758525e715e10db724d
-
SSDEEP
1536:8Egk+8Ot8UrBFFJW7pBcJN/LRdasLLZD5O3IbjiLRB2guxaOXu/4D0UgWRxmY:8E7+84nFA7KN/3j3fbjekO8Xg8o
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
-
-
Target
9d07b89cd606bf2379ecc25fd4a4667e.vir
-
Size
96KB
-
MD5
9d07b89cd606bf2379ecc25fd4a4667e
-
SHA1
24683738ef9c5d7cff30c17ec6df6575a62859d7
-
SHA256
7260452e6bd05725074ba92b9dc8734aec12bbf4bbaacd43eea9c8bbe591be27
-
SHA512
6cd84cfa1b43cf32035ea31cef4e42222f9c72fa9a0a3806f08beaa166cbd1cf7fa883cabc136d4831c7e57588a753570e1112d55888ff7fd05d1d852b0b82cd
-
SSDEEP
1536:5B6sO7n0oShAiUIauVEe/DbplvRB2GuxaOLcb1AWRxmY:55oB0LAuVzDbpnCcBA8o
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
b8665cf00d32352ee83ceb189595a753.vir
-
Size
91KB
-
MD5
b8665cf00d32352ee83ceb189595a753
-
SHA1
669605b2968e3eca80c9366f973dc589057227e5
-
SHA256
7e0ee0e707db426eaf25bd0924631db969bb03dd9b13addffbcc33311a3b9aa7
-
SHA512
de6ec58e018a8db2538c0e5ae3942ea3ec370a9724e2f734e5c3898d8867213f25116a7793309e87c04548d1180aeb7d57bda37c0d60c4f3d2fa390e509f1a28
-
SSDEEP
1536:AbPX/gJxDFgu02gM+LXbtQ5IxWwbglROAnbFmYVKCKcl:Acxz1gxXSNwbYcYVKhY
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
ce7606cfdfc05f9d4b336df2c78a46c3.vir
-
Size
96KB
-
MD5
ce7606cfdfc05f9d4b336df2c78a46c3
-
SHA1
5ed4b6bd93f026000aa05b373c1580c7290714b8
-
SHA256
2b2607c435b76bca395e4ef4e2a1cae13fe0f56cabfc54ee3327a402c4ee6d6f
-
SHA512
079a0cf08cb1531a287b752801288680ddfc7714df28f3db553b72405ac4f62dbcc68d9ec1e36ef236c78fea6fcec1fac98ea879e90d1b5098ee8d7fcf6870cb
-
SSDEEP
1536:ckhkYEtQf2tQIlzXD2y4aeS+koDbbVpRB2GuxaOTLZAWRxmY:56Eyvx4LSIDbVEA8o
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes itself
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
da4a56f9db3ccef32e88ad2e5c616a1a.vir
-
Size
99KB
-
MD5
da4a56f9db3ccef32e88ad2e5c616a1a
-
SHA1
8a6379a31a9d80614fbcb05dbbc454aec169b114
-
SHA256
00a857cd58005ee7f9aaa14d28852b66e833375bc18f7329f955a36d271ebdee
-
SHA512
2d61ebb6c2c4ef87ac9bcab3558179b58ecf2e24011841876f55765023069eb48055e5b52d007bb681658a7fcc669b24bebe31a5bf91e42366f265ae1e6bead2
-
SSDEEP
1536:RDCxOjokD33SiCTjvEmalf++kz2u3IT7lX6Z+Hnsi73nC:p4CdDSi+Emj+vusNsi73nC
Score10/10-
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
-
-
Target
f1ee32e471a4581b7274c00459397cc2.vir
-
Size
106KB
-
MD5
f1ee32e471a4581b7274c00459397cc2
-
SHA1
3edaac2012d7582682df588f63bf78c222b7f348
-
SHA256
469f89209d7d8cc0188654e3734fba13766b6d9723028b4d9a8523100642a28a
-
SHA512
e519ab8a24677324f671339a29d2cb56a4be633cb72633f2cf16a395844ce54d51e2d649a01d0a7911c4190fbdb90b645e36278abd380af864d4cc6e6d470465
-
SSDEEP
1536:0xTC2tbOdlQYfvaBy9w0mpOjv5pdj8Qy6woTZbIXapROAnbF+KCKcl:MTC2tUl/fv9mBMRpdjTdbIiIKhY
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Matrix ATT&CK v13
Execution
System Services
3Service Execution
3Windows Management Instrumentation
2Persistence
Create or Modify System Process
6Windows Service
6Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4Privilege Escalation
Create or Modify System Process
6Windows Service
6Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4Defense Evasion
Impair Defenses
5Disable or Modify Tools
2Disable or Modify System Firewall
3Modify Registry
7Indicator Removal
3File Deletion
2Tasks
static1
Score
10/10
behavioral1
Score
10/10
behavioral2
Score
10/10
behavioral3
Score
10/10
behavioral4
Score
10/10
behavioral5
Score
10/10
behavioral6
Score
10/10
behavioral7
Score
10/10
behavioral8
Score
10/10
behavioral9
Score
10/10
behavioral10
Score
9/10
behavioral11
Score
10/10
behavioral12
Score
7/10
behavioral13
Score
10/10
behavioral14
Score
10/10
behavioral15
Score
10/10
behavioral16
Score
10/10
behavioral17
Score
10/10
behavioral18
Score
10/10
behavioral19
Score
10/10
behavioral20
Score
10/10
behavioral21
Score
7/10
behavioral22
Score
7/10
behavioral23
Score
10/10
behavioral24
Score
10/10
behavioral25
Score
10/10
behavioral26
Score
10/10
behavioral27
Score
10/10
behavioral28
Score
10/10
behavioral29
Score
10/10
behavioral30
Score
10/10
behavioral31
Score
10/10
behavioral32
Score
10/10