A highly effective ransomware designed for speed, deep penetration and cryptographically strong file locking, making recovery without a unique private key computationally infeasible. It also has the ability to enable notifications of successful locks via a Telegram bot.
It initializes by importing the main RSA-4096 public key. It collects victim identifiers (computer name, IP, location), generates a unique victim identifier and immediately begins aggressive multi-threaded operations. Separate threads scan all available drives (fixed, network, removable, excluding only CD-ROM), skipping only the main Windows system directory, the Recycle Bin and its own log/readme files. All other file types found are queued. Worker threads extract files from this queue, performing the main encryption.