Source: /usr/bin/zip (PID: 645) | User file deleted: /Users//Shared/.localized.crypt |
Source: /usr/bin/zip (PID: 647) | User file deleted: /Users//Shared/adi.crypt |
Source: /usr/bin/zip (PID: 651) | User file deleted: /Users//Shared/adi/adi-000001F5.pb.crypt |
Source: /bin/rm (PID: 652) | User file deleted: /Users//Shared/adi/adi-000001F5.pb |
Source: /usr/bin/zip (PID: 654) | User file deleted: /Users//Shared/adi/adi-000001F5.pb.lck.crypt |
Source: /bin/rm (PID: 655) | User file deleted: /Users//Shared/adi/adi-000001F5.pb.lck |
Source: /usr/bin/zip (PID: 657) | User file deleted: /Users//Shared/adi/adi.pb.crypt |
Source: /bin/rm (PID: 658) | User file deleted: /Users//Shared/adi/adi.pb |
Source: /usr/bin/zip (PID: 660) | User file deleted: /Users//Shared/adi/adi.pb.lck.crypt |
Source: /bin/rm (PID: 661) | User file deleted: /Users//Shared/adi/adi.pb.lck |
Source: /usr/bin/zip (PID: 663) | User file deleted: /Users//Shared/SC Info.crypt |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: /Users/vreni/Documents/README!.txt -> not your language? use https://translate.google.com what happened to your files ? all of your files were protected by a strong encryption method. what do i do ? so , there are two ways you can choose: wait for a miracle or start obtaining bitcoin now! , and restore your data the easy way if you have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment follow these steps: 1) learn how to buy bitcoin https://en.bitcoin.it/wiki/buying_bitcoins_(the_newbie_version) 2)send 0.25 btc to 1ezrvz1kl7sqfemkh3p1vmtomyzbfhznkb 3)send your btc address and your ip (you can get your ip here https://www.whatismyip.com) via mail to rihofoj@mailinator.com 4)leave your computer on and connected to the internet for the next 24 hours after payment, your files will be unlocked. (if you can not wait 24 hours make a payment of 0.45 btc your files will be unlocked in max 10 minutes) keep in mind that your decryption key wi |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: /Users/vreni/Downloads/README!.txt -> (same ransom note text as the Documents/README!.txt entry) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: /Users/vreni/Movies/README!.txt -> (same ransom note text as the Documents/README!.txt entry) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: /Users/vreni/Pictures/README!.txt -> (same ransom note text as the Documents/README!.txt entry) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: /Users/vreni/Music/README!.txt -> (same ransom note text as the Documents/README!.txt entry) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: /Users/vreni/Public/README!.txt -> (same ransom note text as the Documents/README!.txt entry) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Notice file created: /Users/vreni/README!.txt -> (same ransom note text as the Documents/README!.txt entry) |
Source: /usr/bin/find (PID: 641) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users/.crypt /Users/ |
Source: /usr/bin/find (PID: 642) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//.localized.crypt /Users//.localized |
Source: /usr/bin/find (PID: 643) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//root.crypt /Users//root |
Source: /usr/bin/find (PID: 644) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//Shared.crypt /Users//Shared |
Source: /usr/bin/find (PID: 645) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//Shared/.localized.crypt /Users//Shared/.localized |
Source: /usr/bin/find (PID: 647) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//Shared/adi.crypt /Users//Shared/adi |
Source: /usr/bin/find (PID: 651) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//Shared/adi/adi-000001F5.pb.crypt /Users//Shared/adi/adi-000001F5.pb |
Source: /usr/bin/find (PID: 654) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//Shared/adi/adi-000001F5.pb.lck.crypt /Users//Shared/adi/adi-000001F5.pb.lck |
Source: /usr/bin/find (PID: 657) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//Shared/adi/adi.pb.crypt /Users//Shared/adi/adi.pb |
Source: /usr/bin/find (PID: 660) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//Shared/adi/adi.pb.lck.crypt /Users//Shared/adi/adi.pb.lck |
Source: /usr/bin/find (PID: 663) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//Shared/SC Info.crypt /Users//Shared/SC Info |
Source: /usr/bin/find (PID: 665) | Touch executable: /usr/local/bin/zip -> zip -0 -P ZLwTBLsKGSg2Opc8mPrUNimCw /Users//vreni.crypt /Users//vreni |
Source: global traffic | TCP traffic: 192.168.0.50:49280 -> 17.252.92.24:5223 |
Source: global traffic | TCP traffic: 192.168.0.50:49279 -> 17.188.165.208:5223 |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Random device file read: /dev/random |
Source: /usr/bin/zip (PID: 645) | Random device file read: /dev/random |
Source: /usr/bin/zip (PID: 647) | Random device file read: /dev/random |
Source: /usr/bin/zip (PID: 651) | Random device file read: /dev/random |
Source: /usr/bin/zip (PID: 654) | Random device file read: /dev/random |
Source: /usr/bin/zip (PID: 657) | Random device file read: /dev/random |
Source: /usr/bin/zip (PID: 660) | Random device file read: /dev/random |
Source: /usr/bin/zip (PID: 663) | Random device file read: /dev/random |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist |
Source: /usr/bin/zip (PID: 645) | Hidden file created: /Users//Shared/.localized.crypt |
Source: /usr/bin/zip (PID: 645) | Hidden file moved: /Users//Shared/zi7QDh7F -> /Users//Shared/.localized.crypt |
Source: /usr/bin/find (PID: 626) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users/vreni/Documents/README!.txt |
Source: /usr/bin/find (PID: 628) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users/vreni/Downloads/README!.txt |
Source: /usr/bin/find (PID: 630) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users/vreni/Movies/README!.txt |
Source: /usr/bin/find (PID: 632) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users/vreni/Pictures/README!.txt |
Source: /usr/bin/find (PID: 634) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users/vreni/Music/README!.txt |
Source: /usr/bin/find (PID: 636) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users/vreni/Public/README!.txt |
Source: /usr/bin/find (PID: 638) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users/vreni/README!.txt |
Source: /usr/bin/find (PID: 653) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users//Shared/adi/adi-000001F5.pb.crypt |
Source: /usr/bin/find (PID: 656) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users//Shared/adi/adi-000001F5.pb.lck.crypt |
Source: /usr/bin/find (PID: 659) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users//Shared/adi/adi.pb.crypt |
Source: /usr/bin/find (PID: 662) | Touch executable: /usr/local/bin/touch -> touch -mt 201002130000 /Users//Shared/adi/adi.pb.lck.crypt |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices.plist |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices/com.apple.launchservices.secure.plist |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Preferences launchservices plist file read: /Users/vreni/Library/Preferences/com.apple.LaunchServices/com.apple.launchservices.secure.plist |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | AppleScript framework/component info plist opened: /System/Library/Components/AppleScript.component/Contents/Info.plist |
Source: /usr/bin/zip (PID: 645) | ZIP file created: /Users/Shared/zi7QDh7F |
Source: /usr/bin/zip (PID: 647) | ZIP file created: /Users/Shared/ziVE84OT |
Source: /usr/bin/zip (PID: 651) | ZIP file created: /Users/Shared/adi/zibSi5ej |
Source: /usr/bin/zip (PID: 654) | ZIP file created: /Users/Shared/adi/zitlrfNu |
Source: /usr/bin/zip (PID: 657) | ZIP file created: /Users/Shared/adi/zii615bE |
Source: /usr/bin/zip (PID: 660) | ZIP file created: /Users/Shared/adi/zicf7gy6 |
Source: /usr/bin/zip (PID: 663) | ZIP file created: /Users/Shared/ziBbYxNR |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | File created in download directory: /Users/vreni/Downloads/README!.txt |
Source: /usr/bin/find (PID: 646) | Rm executable: /usr/local/bin/rm -> rm /Users//Shared/.localized |
Source: /usr/bin/find (PID: 649) | Rm executable: /Library/Frameworks/Python.framework/Versions/2.7/bin/rm -> rm /Users//Shared/adi |
Source: /usr/bin/find (PID: 652) | Rm executable: /usr/local/bin/rm -> rm /Users//Shared/adi/adi-000001F5.pb |
Source: /usr/bin/find (PID: 655) | Rm executable: /usr/local/bin/rm -> rm /Users//Shared/adi/adi-000001F5.pb.lck |
Source: /usr/bin/find (PID: 658) | Rm executable: /usr/local/bin/rm -> rm /Users//Shared/adi/adi.pb |
Source: /usr/bin/find (PID: 661) | Rm executable: /usr/local/bin/rm -> rm /Users//Shared/adi/adi.pb.lck |
Source: /usr/bin/find (PID: 664) | Rm executable: /usr/local/bin/rm -> rm /Users//Shared/SC Info |
Source: classification engine | Classification label: mal60.rans.troj.macAPP@0/38@0/0 |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl read request: kern.safeboot (1.66) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl read request: hw.availcpu (6.25) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl requested: kern.ostype (1.1) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl requested: kern.osrelease (1.2) |
Source: /Users/vreni/Desktop/unpack/Office 2016 Patcher.app/Contents/MacOS/Office 2016 Patcher (PID: 621) | Sysctl requested: kern.hostname (1.10) |