members/285762/
Made deal with User for $700 for the access upon deep investigation of the network I come to find out it's already been ransomwared one month ago.( You can see in the screenshot that the locker files have been 1 month ago)
Proof: https://ibb.co/L98Nkb9
Chat logs:
[pending] : 2024-07-18
[04:29:20] tarmo: Hi)
[04:29:27] Sda: hi
[04:29:41] Sda: frioend gave me your tox for access
[04:31:39] tarmo: Yes
>U can do $700 for
https://www.zoominfo.com/c/nifast-corp/27705637
[04:35:29] Sda: i want it
[04:36:27] tarmo: Ok
How will we make a deal?
[04:36:38] Sda: send your xss url
[04:37:39] members/285762/
[04:38:02] tarmo: Send my pm msg
[04:41:46] Sda: sent
[04:45:57] tarmo: Verif)
[04:46:50] tarmo: Are you satisfied with the price for access?
[04:47:28] Sda: a little bit expensive but if good access np
[04:47:31] Sda: whatts their av?
[04:47:47] tarmo: you have a reputation on the forum. I can sent the access
[04:48:19] Sda: tnx
[04:48:21] tarmo: Av
[04:48:24] tarmo: System center endpoint protection
[04:48:33] Sda: havent heard of it
[04:49:15] tarmo: this is a weak antivirus
[04:49:19] Sda: good
[04:49:22] Sda: send please
[04:50:06] tarmo: https://apps.**************/RDWeb/Pages/en-US/login.aspx:*****************
[04:50:13] Sda: also your wallet i will check abd send money
[04:50:21] Sda: and*
[04:50:30] tarmo: Ok
[04:51:00] tarmo: bc1qnvv9axjlvwhm5*************pt56aryrfu0gpt
[04:51:44] Sda: whats da creds?
[04:51:47] Sda: same?
[04:52:27] tarmo: this is the administrator's access
[04:53:37] tarmo: >https://apps.*******************/RDWeb/Pages/en-US/login.aspx:************************
Yes DA creds
RDweb folder nifast corps
[04:54:06] Sda: tnx looged in
[04:54:24] tarmo: I'll be gone for an hour.
[04:54:36] tarmo: > bc1qnvv9axjlvwh***************56aryrfu0gpt
[04:54:49] Sda: i will send the payment and go for a few hours
[04:54:59] tarmo: Ok
[04:56:01] Sda: e420bb4d74ecde6bd4314267eea*********************66b37abc343670906
[04:56:02] Sda: sent
[04:56:13] Sda: pelase do not sell to anybody else and dont login to access
[04:56:24] tarmo: Thank you bro
[04:56:56] Sda: let me know if have more
[04:57:04] Sda: only admin
[04:57:08] Sda: local admin or domain admin
[04:57:50] tarmo: Local admin
> https://www.zoominfo.com/c/call24-communications/344600539
300$
[04:57:57] tarmo: RDweb
[04:58:08] Sda: i will be back later to see
[16:37:39] Sda: hi
[17:35:48] Sda: bro
[17:35:54] Sda: the access us useless
[17:35:56] Sda: is
[17:36:05] Sda: locked 1 month ago
[17:36:08] Sda: and 8 hosts
[17:36:22] Sda: please refund
[17:36:46] Sda: you can see the day its been locked in screenshots
[17:40:34] Sda: bc1qr7k4xy7z************************4g9zuhc2y
[17:40:37] Sda: wallet address
[17:43:13] Sda: here?
[22:36:42] tarmo: Hi
[22:36:53] tarmo: I've sent you access ahead so you can watch it.
[pending] : 2024-07-19
[00:03:19] Sda: hi
[00:03:32] Sda: i did not scan becuase i trusted you
[00:03:38] Sda: yo ucan see yourself
[00:04:25] Sda: the access is not as decribed
[00:07:08] Sda: its also locked by other group
[00:09:45] Sda: im openning black xss
Made deal with User for $700 for the access upon deep investigation of the network I come to find out it's already been ransomwared one month ago.( You can see in the screenshot that the locker files have been 1 month ago)
Proof: https://ibb.co/L98Nkb9
Chat logs:
[pending] : 2024-07-18
[04:29:20] tarmo: Hi)
[04:29:27] Sda: hi
[04:29:41] Sda: frioend gave me your tox for access
[04:31:39] tarmo: Yes
>U can do $700 for
https://www.zoominfo.com/c/nifast-corp/27705637
[04:35:29] Sda: i want it
[04:36:27] tarmo: Ok
How will we make a deal?
[04:36:38] Sda: send your xss url
[04:37:39] members/285762/
[04:38:02] tarmo: Send my pm msg
[04:41:46] Sda: sent
[04:45:57] tarmo: Verif)
[04:46:50] tarmo: Are you satisfied with the price for access?
[04:47:28] Sda: a little bit expensive but if good access np
[04:47:31] Sda: whatts their av?
[04:47:47] tarmo: you have a reputation on the forum. I can sent the access
[04:48:19] Sda: tnx
[04:48:21] tarmo: Av
[04:48:24] tarmo: System center endpoint protection
[04:48:33] Sda: havent heard of it
[04:49:15] tarmo: this is a weak antivirus
[04:49:19] Sda: good
[04:49:22] Sda: send please
[04:50:06] tarmo: https://apps.**************/RDWeb/Pages/en-US/login.aspx:*****************
[04:50:13] Sda: also your wallet i will check abd send money
[04:50:21] Sda: and*
[04:50:30] tarmo: Ok
[04:51:00] tarmo: bc1qnvv9axjlvwhm5*************pt56aryrfu0gpt
[04:51:44] Sda: whats da creds?
[04:51:47] Sda: same?
[04:52:27] tarmo: this is the administrator's access
[04:53:37] tarmo: >https://apps.*******************/RDWeb/Pages/en-US/login.aspx:************************
Yes DA creds
RDweb folder nifast corps
[04:54:06] Sda: tnx looged in
[04:54:24] tarmo: I'll be gone for an hour.
[04:54:36] tarmo: > bc1qnvv9axjlvwh***************56aryrfu0gpt
[04:54:49] Sda: i will send the payment and go for a few hours
[04:54:59] tarmo: Ok
[04:56:01] Sda: e420bb4d74ecde6bd4314267eea*********************66b37abc343670906
[04:56:02] Sda: sent
[04:56:13] Sda: pelase do not sell to anybody else and dont login to access
[04:56:24] tarmo: Thank you bro
[04:56:56] Sda: let me know if have more
[04:57:04] Sda: only admin
[04:57:08] Sda: local admin or domain admin
[04:57:50] tarmo: Local admin
> https://www.zoominfo.com/c/call24-communications/344600539
300$
[04:57:57] tarmo: RDweb
[04:58:08] Sda: i will be back later to see
[16:37:39] Sda: hi
[17:35:48] Sda: bro
[17:35:54] Sda: the access us useless
[17:35:56] Sda: is
[17:36:05] Sda: locked 1 month ago
[17:36:08] Sda: and 8 hosts
[17:36:22] Sda: please refund
[17:36:46] Sda: you can see the day its been locked in screenshots
[17:40:34] Sda: bc1qr7k4xy7z************************4g9zuhc2y
[17:40:37] Sda: wallet address
[17:43:13] Sda: here?
[22:36:42] tarmo: Hi
[22:36:53] tarmo: I've sent you access ahead so you can watch it.
[pending] : 2024-07-19
[00:03:19] Sda: hi
[00:03:32] Sda: i did not scan becuase i trusted you
[00:03:38] Sda: yo ucan see yourself
[00:04:25] Sda: the access is not as decribed
[00:07:08] Sda: its also locked by other group
[00:09:45] Sda: im openning black xss