- Locky Ransomware:
- regkeys:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Locky
- HKEY_CURRENT_USER\Software\Locky\paytext
- Commandline:
- "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_Locky_recover_instructions.txt
- Strings:
- 86.104.134.144
- \_Locky_recover_instructions.txt
- &length=
- &failed=
- &encrypted=
- &act=stats&path=
- id=
- &act=report&data=
- Windows 2000
- Windows XP
- Windows 2003
- Windows 2003 R2
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
- Windows 8
- Windows Server 2012
- Windows 8.1
- Windows Server 2012 R2
- Windows 10
- Windows Server 2016 Technical Preview
- unknown
- &x64=
- &sp=
- &os=
- &serv=
- &corp=
- &lang=
- &act=getkey&affid=
- Tahoma
- \_Locky_recover_instructions.bmp
- Control Panel\Desktop
- WallpaperStyle
- TileWallpaper
- open
- Software\Locky
- pubkey
- paytext
- completed
- svchost.exe
- :Zone.Identifier
- &act=gettext&lang=
- vssadmin.exe Delete Shadows /All /Quiet
- Software\Microsoft\Windows\CurrentVersion\Run
- Locky
- Locky
- 0123456789ABCDEF
- Wow64DisableWow64FsRedirection
- kernel32.dll
- IsWow64Process
- sys
- cmd.exe /C del /Q /F "
- HTTP/1.1
- rupweuinytpmusfrdeitbeuknltf/main.php
- http://
- POST
- @_Locky_recover_instructions.bmp
- _Locky_recover_instructions.txt
- tmp
- winnt
- Application Data
- AppData
- Program Files (x86)
- Program Files
- temp
- thumbs.db
- $Recycle.Bin
- System Volume Information
- Boot
- Windows
- .m4u
- .m3u
- .mid
- .wma
- .flv
- .3g2
- .mkv
- .3gp
- .mp4
- .mov
- .avi
- .asf
- .mpeg
- .vob
- .mpg
- .wmv
- .fla
- .swf
- .wav
- .mp3
- .qcow2
- .vdi
- .vmdk
- .vmx
- .gpg
- .aes
- .ARC
- .PAQ
- .tar.bz2
- .tbk
- .bak
- .tar
- .tgz
- .gz
- .7z
- .rar
- .zip
- .djv
- .djvu
- .svg
- .bmp
- .png
- .gif
- .raw
- .cgm
- .jpeg
- .jpg
- .tif
- .tiff
- .NEF
- .psd
- .cmd
- .bat
- .sh
- .class
- .jar
- .java
- .rb
- .asp
- .cs
- .brd
- .sch
- .dch
- .dip
- .pl
- .vbs
- .vb
- .js
- .asm
- .pas
- .cpp
- .php
- .ldf
- .mdf
- .ibd
- .MYI
- .MYD
- .frm
- .odb
- .dbf
- .db
- .mdb
- .sql
- .SQLITEDB
- .SQLITE3
- .asc
- .lay6
- .lay
- .ms11 (Security copy)
- .ms11
- .sldm
- .sldx
- .ppsm
- .ppsx
- .ppam
- .docb
- .mml
- .sxm
- .otg
- .odg
- .uop
- .potx
- .potm
- .pptx
- .pptm
- .std
- .sxd
- .pot
- .pps
- .sti
- .sxi
- .otp
- .odp
- .wb2
- .123
- .wks
- .wk1
- .xltx
- .xltm
- .xlsx
- .xlsm
- .xlsb
- .slk
- .xlw
- .xlt
- .xlm
- .xlc
- .dif
- .stc
- .sxc
- .ots
- .ods
- .hwp
- .602
- .dotm
- .dotx
- .docm
- .docx
- .DOT
- .3dm
- .max
- .3ds
- .xml
- .txt
- .CSV
- .uot
- .RTF
- .pdf
- .XLS
- .PPT
- .stw
- .sxw
- .ott
- .odt
- .DOC
- .pem
- .p12
- .csr
- .crt
- .key
- wallet.dat
- !!! IMPORTANT INFORMATION !!!!
- All of your files are encrypted with RSA-2048 and AES-128 ciphers.
- More information about the RSA and AES can be found here:
- http://en.wikipedia.org/wiki/RSA_(cryptosystem)
- http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
- Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
- To receive your private key follow one of the links:
- 1. http://6dtxgqam4crv6rr6.tor2web.org/796917A6BEF99608
- 2. http://6dtxgqam4crv6rr6.onion.to/796917A6BEF99608
- 3. http://6dtxgqam4crv6rr6.onion.cab/796917A6BEF99608
- 4. http://6dtxgqam4crv6rr6.onion.link/796917A6BEF99608
- If all of this addresses are not available, follow these steps:
- 1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
- 2. After a successful installation, run the browser and wait for initialization.
- 3. Type in the address bar: 6dtxgqam4crv6rr6.onion/796917A6BEF99608
- 4. Follow the instructions on the site.
- !!! Your personal identification ID: 796917A6BEF99608 !!!