----
FILE
----
TOOL / MALWARE					SHA256
Ransomware					c0f95af52e538164e9f47d854843a46743418587cb998e9989062619b91e6878

Ransomware					2e6f9a48d854add9f895a3737fa5fcc9d38d082466765e550cca2dc47a10618e

Exploit						0306b0b79a85711605bbbfac62ac7d040a556aa7ac9fe58d22ea2e00d51b521a
						419da91566a7b1e5720792409301fa772d9abf24dfc3ddde582888112f12937a
						6a348a5b13335e453ac34b0ed87e37a153c76a5be528a4ef4b67e988aaf03533
						4e80fa124865445719e66d917defd9c8ed3bd436162e3fbc180a12584d372442
						217f21bd9d5e92263e3a903cfcea0e6a1d4c3643eed223007a4deb630c4aee26

Ransomware					dfa32d8ed7c429b020c0581148a55bc752c35834d7a2b1bae886f2b436285c94
						c1d1402226179c66570d66290dff2238b6a9f918c81267a61d58f4807f0d911c

Ransomware					1719cf6341b7ef28d39ec21c046b0a7adaad97add8622831a5a16f96651f1c5a
						4e799cfae34e1f64633f32b35bc4aa9af6696c552870a757dee0ff5e085afb99

Ransomware					0e65657740d7f06acda53b7d3190f9728801b984d5bd6ccb0b865d218ae71f66
						3e37b9e42fb14079b16c96cde72b01aba4859d93531cad1e0a7b0a48fa7e5e06

Ransomware					a2302ae795c24392fbfac47a983cf9305f94f0d0bec557dadef663c08304aab6
						eb4bccb4905f858a06c2f3ba3fa1af33629e4235316014966f8bb759f1440468

Related Tool					6f91b25d9e2c0315dd6198d86c7f4006ad836be3e757cdd48e88b1ac77a4d99d
(binary used for privilege escalation)

----
URL
----
payment site					http://{Random characters}{mutex name}.ofideas.uno/{mutex name}&{string1}&{string2}&{string3}&{string4}&{string5}
URL hosting MAGNIBER payload			hxxp://09ci1v1c845e5bbe.freewho[.]space
						hxxp://6z8ocdn170r05x55.freewho[.]space
						hxxp://14fo5cicjbfb6kb.fitsour[.]top
						hxxp://423v5e3i27c.fitsour[.]top
						hxxp://13heb2x46a2f3r3.flewmen[.]tech
						hxxp://6qay44e0ffc0se.failsum[.]fun
						hxxp://cfdyc4b8b3d3s38p1r.failsum[.]fun
						hxxp://2bf4ce637gcifn.getsbad[.]site
						hxxp://fac0c1mb1d32van.getsbad[.]site