Ransom Notes: Risen_Guide.hta


<doctype html><html><head><hta:application applicationname="Application Name" border="none" caption="No" contextmenu="No" maximizebutton="No" minimizebutton="No" navigable="No" scroll="Yes" selection="No" showintaskbar="No" windowstate="Maximize"><meta name="viewport" content="width=device-width"><meta http-equiv="x-ua-compatible" content="ie=9"><title>Risen</title><style type="text/css">*{box-sizing:border-box;margin:0;padding:0}body{background-color:#000;margin:0 auto;color:#e2e8f0;padding:1.25rem 0;width:90%;font-family:sans-serif}.logo{text-align:center}.logo>svg{fill:red;width:8rem;height:8rem}.first-title{border-radius:.25rem;font-size:1.875rem;line-height:2.25rem;text-align:center;text-transform:uppercase;margin:2rem 0}.first-title span{font-weight:700;color:#dc2626}.first-box{font-size:1.2rem;position:relative;padding:1.5rem;margin-top:1rem;border:4px dotted #ef4444;text-align:center}.first-box>p:first-child{position:absolute;left:1rem;top:-1.9rem;padding:.75rem;font-size:1.125rem;line-height:1.75rem;background-color:#000}.first-box span{color:#dc2626}.sec-title{position:absolute;top:-.25rem;left:50%;transform:translate(-50%,-50%);padding-left:1rem;padding-right:1rem;font-size:1.125rem;line-height:1.75rem;background-color:#000}.sec-box{width:100%;white-space:nowrap;height:350px;margin-top:2.5rem}.contactus,.attention{padding:10px;white-space:normal;height:100%;position:relative}.contactus{word-wrap:break-word;padding-top:20px;margin-right:20px;width:30%;float:left;font-size:17px;border:4px dotted #3b82f6;background-color:rgba(59,130,246,.1)}.attention{word-wrap:break-word;float:left;width:68.5%;font-size:22px;border:4px dotted #ef4444;background-color:rgba(239,68,68,.1)}.attention ul{word-wrap:break-word;width:100%;position:absolute;top:50%;transform:translateY(-50%);list-style-position:inside}@media only screen and (min-width:2000px){.logo>svg{width:10rem;height:10rem}.first-title{font-size:2.8rem}.first-box{font-size:2rem}.sec-box{height:500px}.attention 
ul li{font-size:30px;line-height:37px}.contactus{padding:30px;font-size:26px}.sec-title,.first-box>p:first-child{font-size:2rem}}@media only screen and (min-width:2900px){.logo>svg{width:14rem;height:14rem}.first-title{font-size:3.5rem}.first-box{font-size:2.9rem}.sec-box{height:700px}.attention ul li{font-size:42px;line-height:55px}.contactus{padding:35px;font-size:35px}}@media only screen and (max-width:1480px){.sec-box{white-space:normal;height:fit-content}.contactus,.attention{width:100%;display:block;float:none}.contactus{padding:2rem;font-size:1.2rem}.attention{margin-top:30px;font-size:1.2rem}.attention ul{position:static;transform:none;line-height:2}}</style></head><body><div class="logo"><svg width="502pt" height="465pt" version="1.0" viewBox="0 0 502 465" xmlns="http://www.w3.org/2000/svg"><g transform="translate(0 465) scale(.1 -.1)"><path d="m2085 4385c-5-2-37-11-70-21s-76-27-95-38c-46-27-142-105-155-125-5-9-23-31-39-48-35-39-56-79-56-105 0-19 45-68 63-68 4 0 27-9 49-20 23-11 45-20 49-20 5 0 28-13 52-30 25-16 48-30 52-30 27 0 224-188 306-292 31-39 110-200 134-273 51-152 49-89 55-1620 3-786 6-1430 8-1431 1-1 10-10 20-21 54-62 140-51 183 23 16 27 18 120 18 1413 1 847-3 1406-9 1440-5 31-14 88-20 126-13 78-48 190-83 262-76 157-227 362-315 427-26 19-60 48-76 65-17 17-35 31-41 31-7 0-20 9-30 20s-23 20-30 20-20 9-31 21c-18 20-18 21 1 32 42 24 160 49 205 43 103-14 163-50 289-173 47-47 97-90 111-98 22-11 146-20 235-16 64 2 65 65 2 108-18 12-94 83-171 158-76 74-142 135-146 135-5 0-15 6-22 13-26 25-89 56-154 77-50 15-92 20-173 19-58 0-110-2-116-4z"/><path d="m1245 3790c-188-31-359-127-500-282-78-84-142-222-177-378-6-27-13-361-16-822l-7-777-29-30c-15-16-41-35-56-41-37-15-50-48-50-130 0-57 4-74 20-90 23-23 29-23 90-7 91 25 153 64 190 120 83 125 83 115 78 987-3 804-5 784 63 914 37 72 107 166 123 166 7 0 23 12 37 26 31 34 189 109 257 123 105 22 217 12 302-26 195-87 315-218 371-403 19-63 21-1874 2-1911-7-13-24-55-38-94-14-38-34-79-44-90-55-63-63-104-30-159 21-36 77-76 
108-76 73 0 186 186 222 366 21 106 21 130 23 1014 1 1027 5 968-82 1150-40 83-145 225-176 239-5 2-26 19-46 37-21 19-43 34-49 34s-11 4-11 8c0 12-179 99-220 107-19 4-40 11-45 16-15 12-251 19-310 9z"/><path d="m3595 3790c-131-20-240-66-381-161-82-56-186-183-228-279-15-36-34-78-41-95-37-82-38-118-42-965-4-927 1-1072 42-1195 29-85 76-175 112-215 13-14 23-28 23-31 0-10 69-49 86-49 22 0 111 87 118 116 7 27-15 83-48 124-42 52-86 157-98 234-6 35-12 423-15 896-4 815-4 837 16 930 12 52 25 98 31 104 5 5 10 16 10 23 0 19 63 109 112 161 159 168 401 235 593 163 195-73 328-207 393-396 28-80 35-294 29-870-7-687-3-787 36-865 32-65 76-116 132-152 44-29 141-53 169-42 23 9 36 45 36 102 0 72-16 117-48 132-15 8-42 27-59 44l-33 30v750c0 774-2 821-41 946-18 54-88 191-122 235-44 58-150 165-163 165-6 0-19 9-29 20s-22 20-26 20-30 14-57 31c-52 32-182 76-267 89-60 10-172 10-240 0z"/><path d="m1253 3291c-23-9-53-26-68-39-14-12-29-22-33-22-24 0-97-105-112-160-9-34-15-740-10-1322 0-24 4-28 27-28 14 0 33 7 42 15s39 37 66 63c28 26 57 56 65 66 13 16 16 103 20 583l5 564 43 41c40 37 47 40 84 35 28-4 51-16 72-36l31-31 6-840h33c21 0 42 8 57 23 50 48 116 123 127 144 17 30 16 621 0 695-14 65-65 145-121 190-88 71-237 98-334 59z"/><path d="m3595 3287c-76-34-128-73-163-123-57-80-62-121-62-484v-325l36-40c66-76 149-155 161-155 7 0 15 10 18 23 4 12 7 203 8 422 2 383 3 401 22 427 28 39 79 61 118 53 44-10 85-51 94-94 4-20 7-272 7-561 1-504 2-527 21-565 11-22 32-46 48-53 15-7 27-20 27-28 0-7 7-14 15-14s15-7 15-15c0-19 56-48 80-40 13 4 19 18 22 49 1 23 1 328-2 677-5 686-3 651-58 721-34 43-106 108-120 108-4 0-27 9-50 20-58 28-169 27-237-3z"/></g></svg></div><div class="first-title"><p>All Your <span>Important Files</span> Have Been Encrypted</p></div><div class="first-box"><p>NOTE</p><p>We have also taken your critical documents and files from different parts<br>of your network, which we will <span>leak or sell</span> if there is no cooperation from your side.</p><p>Our operators have been <span>monitoring</span> your 
business for a while, when we say these documents are critical, we mean it.</p><p><span>We await</span> for your response before the deadline ends, After that<span> we will continue the process of leaking or selling your documents.</span></p><p>We assure you that this won't happen if you cooperate with us.</p></div><div class="sec-box"><div class="contactus"><div class="sec-title">CONTACT US</div><p>For more instructions, to save your files and your business, contact us by :<br></p><br><p>Email address :<br><b>dectokyo@onionmail.org , TELEGRAM:@tokyosupp</b></p><br><p>didn't get any response in 24 hours ? use : <br><b>dectokyo@cock.li</b> </p><br><p>Leave subject as your machine id  "<b>[snip]</b>"</p><br><p>If you didn't get any respond within 72 hours use our blog to contact us, therefore we can create another way for you to contact your cryptor as soon as possible.</p><a href="http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/" style="color:#00f">http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/</a></div><div class="attention"><div class="sec-title">ATTENTION</div><ul><li>Do not rename or change info of any file, in case of any changes in files after encryption there is a huge risk for making it unusable</li><li>Do not pay any amount of money before receiving decrypted test files</li><li>there might be many middle man services out there whom will contact us for your case and they will make a profit<br>&nbsp&nbsp&nbsp&nbsp&nbspby adding a sort of money to the fixed price</li><li>any attempts for decrypting your files through third party softwares will cause permanent damage to following files and permanent data loss</li><li>there will be a deadline until your data get sold or leaked by our team,you better corporate with us<br>&nbsp&nbsp&nbsp&nbsp&nbspbefore the following deadline otherwise we will proceed to sell or leak your data without any past warnings</li></ul></div></div></body></html>

Indicators of Compromise
Type              IOC
email             dectokyo@onionmail.org
email             dectokyo@cock.li
onion url         http://s2wk77h653qn54csf4gp52orhem4y72dgxsquxulf255pcymazeepbyd.onion/
telegram handle   @tokyosupp