Remote Desktop Protocol
\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x1f\x08\x00\x02\x00\x00\x00
Remote Desktop Protocol NTLM Info:
OS: Windows 10 (version 2004)/Windows Server (version 2004)
OS Build: 10.0.19041
Target Name: ZUKO-PC
NetBIOS Domain Name: ZUKO-PC
NetBIOS Computer Name: ZUKO-PC
DNS Domain Name: Zuko-PC
FQDN: Zuko-PC
Redeemer Ransomware - Your Data Is Encrypted
Made by Cerebrate
Visit the official Redeemer Ransomware Tor website -
redeemergdbqgjtzgiuf5jgpkk6i3xybkhsldzjoyjaxivyzinhvmzcad.onion
(Question 1) What happened to my computer
I cannot access my files and they have changed their extension
(Answer 1) Your files have been encrypted by Redeemer, a Darknet ransomware
operation.
(Question 2) Is there any way to recover my files?
(Answer 2) Yes, you can recover your files. This will however cost you money in
Monero (XMR).
(Question 3) Is there any way to recover my files without paying?
(Answer 3) Without paying for the proper decryption key, you will NEVER regain
access to your files.
Redeemer uses the most secure algorithms and a sophisticated encryption scheme
which guarantees security.
Ever since Redeemer was first released publicly (May 2021) no one managed to
crack the decryption or
recover their files without paying.
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:36:dc:88:57:a2:1a:9f:4b:03:b7:af:0a:15:dc:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Zuko-PC
Validity
Not Before: Nov 22 13:23:51 2024 GMT
Not After : May 24 13:23:51 2025 GMT
Subject: CN=Zuko-PC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Key Usage:
Key Encipherment, Data Encipherment
Signature Algorithm: sha256WithRSAEncryption
Signature Value: