The generated size of 0x20 bytes will be used as the key first, and the file name will be encrypted using RC4.
Then, the RC4 encrypted file name data is non-standard Base64 encoded. The encoded string is the random file name after the file encryption. For example, the file name cef_100_percent.pak in the following figure will be renamed to iDQbLSy99iHpsRqiT2f7kwmrQhhHKOcKFaq5TnhlZgEX5gLATUo.cov
File encryption uses the AES-256 CBC mode. The previously generated 0x10 byte data will be used as the IV again, and the 0x20 byte random data will be used as the Key to encrypt the file content.
After the file content is encrypted, the randomly generated 0x30 bytes of data are spliced ββtogether using the locally generated RSA 512 Public Key for encryption, and finally appended to the end of the file, because the RSA 512 Private Key information is encrypted by the hard-coded RSA 2048 Public Key The Zlib compressed Base64 code is stored in the ransom note and the plain text cannot be obtained, so the encrypted file cannot be decrypted without the private key.
π¦Other behavior analysis
The author of the virus is suspected to be from a Russian-speaking country. The virus encryption will avoid the following regions 0x7 (Russia), 0x177 (Belarus), 0x17C (Ukraine)
The author of the virus is suspected to be from a Russian-speaking country. The virus encryption will avoid the following regions 0x7 (Russia), 0x177 (Belarus), 0x17C (Ukraine)
The virus encrypts a large number of extended suffix files, including almost all data file types:
Because the virus will delete the system backup, the file shadow information, and the encrypted file cannot be recovered by file recovery. A large number of files in the system will be encrypted in the form of "garbled. Cov19", and the virus will modify the file modification time. Reset to prevent the possibility of time-related random generation parameters being blasted.
> In the actual attack environment of the virus, tools such as processhacker (a security analysis tool), NetworkShare v.2.exe (network share scanning) left by the attacker were also found, which shows that the attacker is not satisfied with only encryption One machine, the attacker will also try to scan and attack other machines in the LAN to expand the results.
> In the actual attack environment of the virus, tools such as processhacker (a security analysis tool), NetworkShare v.2.exe (network share scanning) left by the attacker were also found, which shows that the attacker is not satisfied with only encryption One machine, the attacker will also try to scan and attack other machines in the LAN to expand the results.
π¦ This ransomware is for learn, don't use it for illegal subjectsβ οΈ
- don't clone our tutorials πΏ
- don't clone our tutorials πΏ
Forwarded from Backup Legal Mega
β β β ο½ππ»βΊπ«Δπ¬πβ β β ββ
π¦Web editor Bluefish based on Linux text mode :
1) γγBluefish advertises itself as "an editor for skilled web designers and programmers", but its UI is very intuitive, and any beginner is quick enough to get started and discover and Master its other functions. If you need a text editor that can design Web code, then it will be a very good software. It gives me the overall impression that it is professional but not intimidating, and the combination of text and icons is very good.
2) γγBluefish provides many common HTML task options, such as fonts, tables, etc., and of course, links. This software uses a less common "link description" (anchor) to indicate clickable links. The "Link description" dialog box even provides Java script event functions such as OnClick and OnMouseover.
3) γγIt also has other dialogs to create text in PHP and SQL tasks, just like many Apache and C options, you can also group files by project for development. The search and replace function is also very good, it also supports regular expressions, you can also customize the syntax highlighting for multiple languages.
4) γγLet me talk about some of its shortcomings. If you need some documentation help, then you need to open a description file separately, because the help is not integrated with this application. Its instructions are very extensive, if you are patient enough, you can certainly find what you want. For example, for me, spell check didn't let me find it quickly, but after I read the instructions, I found that you have to install a separate open source Aspell application to be able to do spell check.
5) γγMacros are operated through a "custom menu", where you can create your own text strings, HTML opening and closing tags, or search and replace commands. The creation of text strings includes some dialog boxes with additional functions, which are very simple when used.
6)γγSome disappointment is that in such an intuitive interface, I did not find the "Edit" custom menu for the created macro, but if you refer to the steps on the instructions, then everything is clear. The macro function may not be as powerful as some other applications. For example, I cannot find how to use other Bluefish commands in the custom menu, but they are very convenient for repeated input.
7)γγFinally, Bluefish does not position itself as an application for writing purposes, nor does it have some text manipulation commands, such as changing capital letters or merging or splitting lines.
8) γγThat is to say, if you are looking for a moderately functional text-based Web code editing application, Bluefish is definitely worth a try.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Web editor Bluefish based on Linux text mode :
1) γγBluefish advertises itself as "an editor for skilled web designers and programmers", but its UI is very intuitive, and any beginner is quick enough to get started and discover and Master its other functions. If you need a text editor that can design Web code, then it will be a very good software. It gives me the overall impression that it is professional but not intimidating, and the combination of text and icons is very good.
2) γγBluefish provides many common HTML task options, such as fonts, tables, etc., and of course, links. This software uses a less common "link description" (anchor) to indicate clickable links. The "Link description" dialog box even provides Java script event functions such as OnClick and OnMouseover.
3) γγIt also has other dialogs to create text in PHP and SQL tasks, just like many Apache and C options, you can also group files by project for development. The search and replace function is also very good, it also supports regular expressions, you can also customize the syntax highlighting for multiple languages.
4) γγLet me talk about some of its shortcomings. If you need some documentation help, then you need to open a description file separately, because the help is not integrated with this application. Its instructions are very extensive, if you are patient enough, you can certainly find what you want. For example, for me, spell check didn't let me find it quickly, but after I read the instructions, I found that you have to install a separate open source Aspell application to be able to do spell check.
5) γγMacros are operated through a "custom menu", where you can create your own text strings, HTML opening and closing tags, or search and replace commands. The creation of text strings includes some dialog boxes with additional functions, which are very simple when used.
6)γγSome disappointment is that in such an intuitive interface, I did not find the "Edit" custom menu for the created macro, but if you refer to the steps on the instructions, then everything is clear. The macro function may not be as powerful as some other applications. For example, I cannot find how to use other Bluefish commands in the custom menu, but they are very convenient for repeated input.
7)γγFinally, Bluefish does not position itself as an application for writing purposes, nor does it have some text manipulation commands, such as changing capital letters or merging or splitting lines.
8) γγThat is to say, if you are looking for a moderately functional text-based Web code editing application, Bluefish is definitely worth a try.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How speedup google chrome browser :
1) Keep security software up to date
2) Try the Chrome Cleanup Tool
3) Disable unused extensions and plug-ins
4) use always last update of broser app
5) Clear your browsing data from google chrome settings
6) those tips can used for any browser not only the official oneπ
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How speedup google chrome browser :
1) Keep security software up to date
2) Try the Chrome Cleanup Tool
3) Disable unused extensions and plug-ins
4) use always last update of broser app
5) Clear your browsing data from google chrome settings
6) those tips can used for any browser not only the official oneπ
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from Backup Legal Mega
ATM Hack - Get Much More Money Than You Withdraw.pdf
33 KB
Forwarded from Backup Legal Mega
ATM Hack - Get Much More Money Than You Withdraw_2.pdf
33 KB