1718633480 | 2025-01-10T00:32:39.491750
3389 /
tcp
Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\t\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
OS: Windows 7/Windows Server 2008 R2
OS Build: 6.1.7601
Target Name: ARCYANGITAXI
NetBIOS Domain Name: ARCYANGITAXI
NetBIOS Computer Name: ARCYANGITAXI
DNS Domain Name: ArcyangiTaxi
FQDN: ArcyangiTaxi
Redeemer Ransomware - Your Data Is Encrypted
[ASCII-art banner reading "Redeemer" (OCR of the RDP login screen; rendering not recoverable)]
Made by Cerebrate
Visit the official Redeemer Ransomware Tor website -
redeemergd6gjtzgiufSjgpkk6i3xybkhsldzjoyjaxivyzinhvm:Rad.onion
(Question 1) What happened to my computer?
I cannot access my files and they have changed their extension
(Answer 1) Your files have been encrypted by Redeemer, a Darknet ransomware operation.
(Question 2) Is there any way to recover my files?
(Answer 2) Yes, you can recover your files. This will however cost you money in Monero (XMR).
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:44:76:d6:7e:ad:22:ba:4c:e5:f7:11:41:e2:7d:46
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=ArcyangiTaxi
Validity
Not Before: Oct 28 08:00:17 2024 GMT
Not After : Apr 29 08:00:17 2025 GMT
Subject: CN=ArcyangiTaxi
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a1:e0:8a:f0:f2:e2:1f:5f:bd:19:2d:d6:98:98:
fc:f9:d1:78:90:2f:8a:bf:b8:9e:c7:0b:b3:ad:a7:
61:35:4a:9c:a6:49:40:86:2b:2d:7a:d6:d1:3a:00:
3a:26:af:7f:cb:17:a2:b5:80:55:76:88:4e:8a:c4:
07:2d:cd:6e:d7:87:3f:24:75:73:c1:4e:c7:ac:9c:
71:69:f9:a1:d9:35:ea:28:88:d6:6a:89:fc:b2:ff:
4e:c5:63:b7:ce:41:f2:19:c1:57:57:b5:42:55:5a:
03:e2:be:27:20:97:12:46:9f:9c:7f:04:22:64:7f:
49:f1:4d:c3:01:f9:c2:c4:86:b0:4d:72:5d:54:a0:
8f:90:76:a7:a1:24:b2:f1:ed:60:41:19:15:9a:a1:
f2:4b:d8:9c:c3:92:02:60:86:2a:a5:3a:09:de:4d:
27:d1:61:ac:c4:81:c6:b9:16:7f:e8:c7:fa:6f:1b:
81:8f:0d:af:42:cd:0a:a2:5b:68:ee:ef:7e:7d:3e:
d9:09:3e:09:49:d4:fd:03:73:8e:19:34:42:7d:16:
fa:4d:f9:2c:e0:5e:41:9a:30:8e:36:a7:70:26:08:
b5:7c:16:4c:5f:18:23:98:d5:51:8f:e3:c1:e5:7e:
38:ce:93:16:5b:8a:cb:08:68:a5:00:44:ba:81:ae:
9f:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha1WithRSAEncryption
Signature Value:
56:e1:6a:b0:75:33:93:e3:c2:63:f8:62:0c:98:5d:ad:b4:7a:
ce:5f:e4:c2:4c:14:36:f2:9e:a4:c8:0c:45:33:b9:ba:71:b5:
60:85:73:38:be:89:b0:54:d5:94:a4:27:9e:de:0f:01:49:8d:
6b:d9:3f:81:8d:4e:48:44:ba:92:7f:6f:4e:01:84:2a:ba:ff:
c7:c2:91:8e:d5:b6:52:28:03:ba:6d:58:4d:33:55:de:33:b6:
65:ef:b7:f3:48:e0:f5:63:60:ad:bc:1e:78:b4:95:92:86:83:
0c:99:8f:dd:69:e3:7a:e8:09:ad:f8:a3:6b:46:05:18:d4:13:
0a:12:3e:a6:53:5a:1c:a2:f0:f3:66:77:4c:ca:4e:c2:3e:75:
85:bf:61:37:89:4e:63:a4:a3:f9:32:04:3e:d7:0e:b5:15:77:
3d:6a:ef:30:80:b4:ee:31:70:e2:aa:2e:66:3e:30:63:92:a8:
a4:b3:38:09:97:db:d1:28:b1:80:05:55:61:3d:a2:df:9c:b1:
0a:bb:2c:c3:b9:b2:d2:38:f9:bd:65:78:5e:6c:2b:c3:81:6b:
1d:fd:b5:e5:be:a6:fd:37:b9:b9:4a:3d:8f:78:65:d2:ca:2c:
a1:13:b4:a9:cf:ae:81:40:f2:70:53:b7:73:20:4e:ef:3f:f5:
43:02:06:0a
-943843967 | 2025-01-05T14:02:01.544853
8089 /
tcp
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 47
Date: Sun, 05 Jan 2025 14:02:00 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,PATCH,DELETE,OPTIONS
Access-Control-Allow-Headers: content-type,x-site,x-auth,signature,duplicate-lock,x-language
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:20:13:8d:1b:3f:82:0e:0c:09:c3:5a:1c:e3:0f:4c:26:1a:70:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=RU, ST=Some-State, O=Internet Widgits Pty Ltd
Validity
Not Before: Dec 30 10:25:26 2022 GMT
Not After : Dec 27 10:25:26 2032 GMT
Subject: C=RU, ST=Some-State, O=Internet Widgits Pty Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ad:4c:87:f4:c0:d6:d7:32:99:26:8d:13:57:75:
45:db:0d:cb:df:08:b0:ca:ad:49:f8:10:96:3e:bc:
fe:d4:1d:0f:09:98:16:aa:eb:08:79:2a:ec:36:9d:
40:26:6b:8f:26:e5:57:eb:9e:65:4e:2a:5b:8d:5c:
c7:59:f5:0e:7f:7a:a5:28:6d:85:7a:7d:a8:9f:86:
9e:30:2e:68:c7:32:f0:a6:3e:19:d7:65:36:61:39:
7f:48:76:cf:e1:56:62:42:e3:00:c9:16:93:c2:18:
c0:0c:c4:8c:e5:b9:60:b1:bc:df:de:5c:9d:06:3d:
5e:d7:29:35:af:0c:25:22:1c:b1:3d:28:6e:c4:a4:
31:af:39:1d:a0:86:5a:b7:a3:fb:8a:4e:5d:84:e6:
b7:5a:09:96:89:ac:74:e8:e7:02:9d:df:4d:17:fa:
67:8f:07:45:47:e6:b8:0f:23:12:ab:60:50:ee:24:
5c:cd:8e:5b:81:c4:ec:1b:8c:d9:10:a9:2c:51:39:
7a:b9:91:90:a3:02:b8:82:06:2b:54:be:69:b1:2b:
7e:eb:ea:f6:ca:ac:2c:77:54:0e:74:0c:d0:59:90:
2d:2f:ee:1a:c5:f0:ae:1e:e7:71:b0:80:e4:ab:81:
de:b9:0c:8d:7b:df:ae:04:9a:0f:c3:58:69:a9:b0:
b8:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:79:2E:77:F2:3C:E9:8F:7E:8C:70:C9:17:8E:94:B3:BD:CB:7B:87
X509v3 Authority Key Identifier:
DC:79:2E:77:F2:3C:E9:8F:7E:8C:70:C9:17:8E:94:B3:BD:CB:7B:87
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
6d:6e:0d:46:52:47:29:6d:a6:71:3a:39:34:be:1d:25:f2:fc:
23:f2:03:e0:d8:73:30:aa:7a:a4:1e:b4:7b:0a:db:02:ae:89:
06:3a:96:99:fa:11:cc:84:4a:bc:d9:3f:63:81:60:68:7c:c4:
ea:f0:31:8d:ea:3d:e0:6b:94:68:64:58:be:57:be:1c:a8:ae:
f2:a6:75:4d:d8:db:e2:2d:89:52:ee:f1:ef:40:19:82:e1:d1:
26:22:c0:58:5e:5e:95:11:7a:08:60:18:31:13:6d:35:04:b1:
5c:b4:b8:d4:66:e7:9f:33:01:d6:ac:c4:30:f0:e4:fe:2c:61:
40:af:83:79:8a:e9:b6:12:69:0d:97:26:29:5a:63:b6:3e:e6:
59:02:e9:bd:83:4d:43:c7:7b:e0:3e:aa:7c:0e:06:1e:de:02:
92:3d:2e:58:02:ac:81:32:d9:57:42:7c:be:d7:53:0f:e6:ec:
42:7d:48:fb:56:d5:e1:d0:4c:26:bc:de:9d:ac:9e:d1:3f:55:
e0:5a:06:43:d6:1c:5f:6a:61:23:d6:d5:51:11:09:70:ce:a0:
4c:2e:dd:c5:3b:46:d5:6b:58:43:2d:51:99:7d:7b:15:48:d1:
a2:94:63:33:9d:c1:49:22:5a:8d:d2:b5:da:a4:1b:49:be:33:
7e:4c:5d:d6
1489525118 | 2024-12-19T00:48:17.847061
10243 /
tcp
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 19 Dec 2024 00:48:19 GMT
Connection: close
Content-Length: 315