Matthewm

Locky junk

Feb 16th, 2016
Locky Ransomware:

regkeys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Locky
HKEY_CURRENT_USER\Software\Locky\paytext

Commandline:
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_Locky_recover_instructions.txt

Strings:
86.104.134.144
\_Locky_recover_instructions.txt
&length=
&failed=
&encrypted=
&act=stats&path=
id=
&act=report&data=
Windows 2000
Windows XP
Windows 2003
Windows 2003 R2
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012
Windows 8.1
Windows Server 2012 R2
Windows 10
Windows Server 2016 Technical Preview
unknown
&x64=
&sp=
&os=
&serv=
&corp=
&lang=
&act=getkey&affid=
Tahoma
\_Locky_recover_instructions.bmp
Control Panel\Desktop
WallpaperStyle
TileWallpaper
open
Software\Locky
pubkey
paytext
completed
svchost.exe
:Zone.Identifier
&act=gettext&lang=
vssadmin.exe Delete Shadows /All /Quiet
Software\Microsoft\Windows\CurrentVersion\Run
Locky
Locky
0123456789ABCDEF
Wow64DisableWow64FsRedirection
kernel32.dll
IsWow64Process
sys
cmd.exe /C del /Q /F "
HTTP/1.1
rupweuinytpmusfrdeitbeuknltf/main.php
http://
POST
@_Locky_recover_instructions.bmp
_Locky_recover_instructions.txt
tmp
winnt
Application Data
AppData
Program Files (x86)
Program Files
temp
thumbs.db
$Recycle.Bin
System Volume Information
Boot
Windows
.m4u
.m3u
.mid
.wma
.flv
.3g2
.mkv
.3gp
.mp4
.mov
.avi
.asf
.mpeg
.vob
.mpg
.wmv
.fla
.swf
.wav
.mp3
.qcow2
.vdi
.vmdk
.vmx
.gpg
.aes
.ARC
.PAQ
.tar.bz2
.tbk
.bak
.tar
.tgz
.gz
.7z
.rar
.zip
.djv
.djvu
.svg
.bmp
.png
.gif
.raw
.cgm
.jpeg
.jpg
.tif
.tiff
.NEF
.psd
.cmd
.bat
.sh
.class
.jar
.java
.rb
.asp
.cs
.brd
.sch
.dch
.dip
.pl
.vbs
.vb
.js
.asm
.pas
.cpp
.php
.ldf
.mdf
.ibd
.MYI
.MYD
.frm
.odb
.dbf
.db
.mdb
.sql
.SQLITEDB
.SQLITE3
.asc
.lay6
.lay
.ms11 (Security copy)
.ms11
.sldm
.sldx
.ppsm
.ppsx
.ppam
.docb
.mml
.sxm
.otg
.odg
.uop
.potx
.potm
.pptx
.pptm
.std
.sxd
.pot
.pps
.sti
.sxi
.otp
.odp
.wb2
.123
.wks
.wk1
.xltx
.xltm
.xlsx
.xlsm
.xlsb
.slk
.xlw
.xlt
.xlm
.xlc
.dif
.stc
.sxc
.ots
.ods
.hwp
.602
.dotm
.dotx
.docm
.docx
.DOT
.3dm
.max
.3ds
.xml
.txt
.CSV
.uot
.RTF
.pdf
.XLS
.PPT
.stw
.sxw
.ott
.odt
.DOC
.pem
.p12
.csr
.crt
.key
wallet.dat

!!! IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
http://en.wikipedia.org/wiki/RSA_(cryptosystem)
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
1. http://6dtxgqam4crv6rr6.tor2web.org/796917A6BEF99608
2. http://6dtxgqam4crv6rr6.onion.to/796917A6BEF99608
3. http://6dtxgqam4crv6rr6.onion.cab/796917A6BEF99608
4. http://6dtxgqam4crv6rr6.onion.link/796917A6BEF99608
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: 6dtxgqam4crv6rr6.onion/796917A6BEF99608
4. Follow the instructions on the site.
!!! Your personal identification ID: 796917A6BEF99608 !!!