[EP_X0FF]

BlueTrash

Tel to call

8-962-945-45-56

New unblock key GALAGA

http://www.virustotal.com/file-scan/rep ... 1295265742
http://www.virustotal.com/file-scan/rep ... 1295265697

there nothing changed except key, no sense to post sample.

[GMax]

FileName: pornoplayer.exe
Size: 45 Kb (46592 byte)
Data/Time compile: 17.01.2011 / 15:04:39 UTC
MD5: 166C436DCA37956D0677D61500EC1C4C

Code: Select all

http://chmok.info/player/pornoplayer.exe

Call num: 9629456950
Unlock key: VALDEZ

[EP_X0FF]

BlueTrash (winAd) updated and moved to new site.

http://www.virustotal.com/file-scan/rep ... 1295607261

Unblock code TNMTTF

Source hxxp://xxxmpegu.info/xxx/2r3inh4uw5k76pbi7kw8s954rk944yzs/pornoplayer.exe

[Xylitol]

homoblocker:

Code: Select all

Number to Call: 9055228378
Number to Call: 9671979556
Number to Call: 9647263435
Number to Call: 9647263634
Number to Call: 9653919160
Number to Call: 9647235212
Number to Call: 9653919221
Code to unlock Windows: NOGLUES

homoblocker:

Code: Select all

Number to Call: 9629464449
Number to Call: 9629456950
Number to Call: 9652107336
Number to Call: 9647262090
Number to Call: 9629454365
Number to Call: 9653919228
Number to Call: 9629457136
Number to Call: 9671979553
Number to Call: 9671979590
Number to Call: 9671979557
Number to Call: 9671979556
Number to Call: 9055228378
Code to unlock Windows: VALDEZ

bluetrash:

Code: Select all

Number to Call: 9055230856
Number to Call: 9653919220
Code to unlock Windows: TNMTTF

[GMax]

homoblocker

Number to Call: 9652857791
Number to Call: 9671979717

unlock key: NOGLUES

Source
hxxp://pezdos.info/player/pornoplayer.exe

[Xylitol]

Bluetrash updated

http://www.virustotal.com/file-scan/rep ... 1295694395
hXXp://ztubexxx.info/5hlb8v883s5b4n1qm9t4nrh5qwvg2hp1/pornoplayer.exe

Code: Select all

Number to Call: 9653910021
Code to unlock Windows: TNMTTF

[GMax]

homoblocker:

http://www.virustotal.com/file-scan/rep ... 1295699535

Number to Call: 9647263667

Unlock key: NOGLUES

Source hxxp://govnjuk.info/player/pornoplayer.exe

[EP_X0FF]

More links to Winlock locations.

All links payload already reviewed by this forum members :)

hxxp://huevka.info/player/pornoplayer.exe
hxxp://hueriga.info/player/pornoplayer.exe

these two are the same like Xylitol reviewed here

hxxp://ztubexxx.info/5hlb8v883s5b4n1qm9t4nrh5qwvg2hp1/pornoplayer.exe

this one from SpermTV pattern.

[Xylitol]

i just use my ransomware bots for see if samples was updated

https://www.virustotal.com/file-scan/re ... 1295724664
https://www.virustotal.com/file-scan/re ... 1295724667

Code: Select all

Number to Call: 9636256561
Number to Call: 9652750771
Code to unlock Windows: NOGLUES

[Xylitol]

https://www.virustotal.com/file-scan/re ... 1295734702
https://www.virustotal.com/file-scan/re ... 1295734699

Code: Select all

Number to Call: 9629462286
Code to unlock Windows: TNMTTF