{"id":2037,"date":"2018-12-10T05:00:06","date_gmt":"2018-12-10T05:00:06","guid":{"rendered":"http:\/\/blog.nsfocusglobal.com\/?p=2037"},"modified":"2018-12-10T05:00:06","modified_gmt":"2018-12-10T05:00:06","slug":"wechat-pay-ransomware-analysis-and-decryption-tool","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/wechat-pay-ransomware-analysis-and-decryption-tool\/","title":{"rendered":"&#8220;WeChat Pay&#8221; Ransomware Analysis and Decryption Tool"},"content":{"rendered":"<h2>Risk Overview<\/h2>\n<p>Recently, over 20,000 PCs in China have fallen victim to WeChat Pay ransomware. Files on the affected devices are encrypted by the ransomware. To regain access to the files, users are asked to scan a WeChat QR code that appears in a pop-up window and pay 110 yuan (about $16) in ransom. So far, WeChat carrier has suspended the use of this QR code. It also steals passwords to popular platforms including Alipay, Baidu Cloud, internet company NetEase&#8217;s 163 email service, Tencent&#8217;s instant messaging platform QQ, Taobao, Tmall, and JD.com.<!--more--><\/p>\n<p>This virus spreads through &#8220;supply chain pollution&#8221;. The virus writer releases &#8220;EasyLanguage&#8221; programming software infected with the virus on forums and injects the virus into developers&#8217; development environment for spreading.<\/p>\n<p>Reference link:<\/p>\n<p><a href=\"https:\/\/www.zdnet.com\/article\/over-20000-pcs-infected-with-new-ransomware-strain-in-china\/\">https:\/\/www.zdnet.com\/article\/over-20000-pcs-infected-with-new-ransomware-strain-in-china\/<\/a><\/p>\n<h2>Security Tips<\/h2>\n<p><strong>Back Up Important Data Regularly.<\/strong><\/p>\n<ul>\n<li>Do not install software from unidentifiable sources, such as those from a forum or netdisk. When installing software, you are advised to check the software signature.<\/li>\n<\/ul>\n<ul>\n<li>If your computer has been infected, use the NSFOCUS decryption tool (see the appendix) for file decryption.<\/li>\n<li>After the virus is removed, please change your passwords to Alipay, Baidu Cloud, NetEase 163 email service, QQ, Taobao, Tmall, and JD.com as soon as possible.<\/li>\n<\/ul>\n<h2>Technical Details<\/h2>\n<h3><strong>Technical Analysis<\/strong><\/h3>\n<p>After receiving the virus sample, the NSFOCUS security team immediately analyzed the sample and found that it can only encrypt files in the user&#8217;s Desktop directory and its subdirectories but cannot encrypt files of less than 64 bytes. The sample selects files for encryption by extension names. Files with the following extension names are not encrypted.<\/p>\n<table>\n<tbody>\n<tr>\n<td width=\"546\">bat,bin,com,cfg,client,dat,dll,exe,gif,icon,ico,ini,info,json,jar,class,flv,krc,lnk,lib,log,lrc,pak,tmp,xml,ocx,obj,swf,sf,sh,sys,rc,rll,rom,rsa,rtf,rs<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The sample generates a byte flow of 0x7D000 for encrypting files. If the file is larger than the key, excess part of the file will not be encrypted. After the XOR (Exclusive Or) operation is performed between the decryption key and byte flow (\\x05\\x07\\x30\\x0c\\x31\\x1b\\x0a\\x71\\x0d\\x76\\x02\\x00), they are written into the local file, %Appdata%\/Roaming\/unname_1989\/datafiles\/appcfg.cfg. Therefore, this local file can be used for data restoration.<\/p>\n<p id=\"zXscJoq\"><img decoding=\"async\" class=\"alignnone size-full wp-image-2038 \" src=\"http:\/\/blog.nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/img_5c0df1c23459f.png\" alt=\"\" \/><\/p>\n<p>To keep file header information intact, the sample encrypts a file from the 20th byte of its content and all files are encrypted via XOR with the same encryption key.<\/p>\n<p id=\"moRWwzk\"><img decoding=\"async\" class=\"alignnone size-full wp-image-2039 \" src=\"http:\/\/blog.nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/img_5c0df1cd76a54.png\" alt=\"\" \/><\/p>\n<p>After all files are encrypted, the following window pops up.<\/p>\n<p id=\"rwatLSA\"><img decoding=\"async\" class=\"alignnone size-full wp-image-2040 \" src=\"http:\/\/blog.nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/img_5c0df1e691f2a.png\" alt=\"\" \/><\/p>\n<h3><strong>Decryption Method<\/strong><\/h3>\n<p>NSFOCUS security researchers have provided a decryption script for affected users to download for file restoration. The procedure is as follows:<\/p>\n<p>Put the %appdata%\/roaming\/unname_1989\/datafile\/appcfg.cfg file and decryption script in the same directory.<\/p>\n<p id=\"CSmVnAQ\"><img decoding=\"async\" class=\"alignnone size-full wp-image-2041 \" src=\"http:\/\/blog.nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/img_5c0df1ff29954.png\" alt=\"\" \/><\/p>\n<p>\u00a0\u00a0 Run the <strong>weixin_ransomware_decrypt.py appCfg.cfg [path of the file to be decrypted] <\/strong>command to decrypt the file.<\/p>\n<p>The following is an example of encrypted file.<\/p>\n<p id=\"gTDAehO\"><img decoding=\"async\" class=\"alignnone size-full wp-image-2042 \" src=\"http:\/\/blog.nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/img_5c0df20b69c05.png\" alt=\"\" \/><\/p>\n<p>\u00a0\u00a0 Run the decryption script:<\/p>\n<p id=\"DMUHxvt\"><img decoding=\"async\" class=\"alignnone size-full wp-image-2043 \" src=\"http:\/\/blog.nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/img_5c0df2175cb6a.png\" alt=\"\" \/><\/p>\n<p>\u00a0\u00a0 After decryption, the file content is as follows:<\/p>\n<p id=\"vPEJZAc\"><img decoding=\"async\" class=\"alignnone size-full wp-image-2044 \" src=\"http:\/\/blog.nsfocusglobal.com\/wp-content\/uploads\/2018\/12\/img_5c0df21e16979.png\" alt=\"\" \/><\/p>\n<p><strong>Statement<\/strong><\/p>\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n<p><strong>About NSFOCUS<\/strong><\/p>\n<p>NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company&#8217;s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.<\/p>\n<p>For more information about NSFOCUS, please visit:<\/p>\n<p>https:\/\/www.nsfocusglobal.com<\/p>\n<p>NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Risk Overview Recently, over 20,000 PCs in China have fallen victim to WeChat Pay ransomware. Files on the affected devices are encrypted by the ransomware. To regain access to the files, users are asked to scan a WeChat QR code that appears in a pop-up window and pay 110 yuan (about $16) in ransom. So [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1707,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[17,20],"tags":[44,646,681,748],"class_list":["post-2037","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability-analysis","category-uncategorized","tag-about-nsfocus","tag-security-tips","tag-technical-details","tag-wechat"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>&quot;WeChat Pay&quot; Ransomware Analysis and Decryption Tool - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"&quot;WeChat Pay&quot; Ransomware Analysis and Decryption Tool - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Risk Overview Recently, over 20,000 PCs in China have fallen victim to WeChat Pay ransomware. Files on the affected devices are encrypted by the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-10T05:00:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/10\/banner_141.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"&quot;WeChat Pay&quot; Ransomware Analysis and Decryption Tool - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Risk Overview Recently, over 20,000 PCs in China have fallen victim to WeChat Pay ransomware. Files on the affected devices are encrypted by the\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/10\/banner_141.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\"},\"headline\":\"&#8220;WeChat Pay&#8221; Ransomware Analysis and Decryption Tool\",\"datePublished\":\"2018-12-10T05:00:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/\"},\"wordCount\":728,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/banner_141.jpg\",\"keywords\":[\"About NSFOCUS\",\"Security Tips\",\"Technical Details\",\"WeChat\"],\"articleSection\":[\"Threat Analysis\",\"Uncategorized\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/\",\"name\":\"\\\"WeChat Pay\\\" Ransomware Analysis and Decryption Tool - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/banner_141.jpg\",\"datePublished\":\"2018-12-10T05:00:06+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/banner_141.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2018\\\/10\\\/banner_141.jpg\",\"width\":335,\"height\":186,\"caption\":\"Green abstract design with star and arrows.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/wechat-pay-ransomware-analysis-and-decryption-tool\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"&#8220;WeChat Pay&#8221; Ransomware Analysis and Decryption Tool\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/fd9ab61c9c77a81bbd870f725cc0c61d\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/nsfocusglobal.com\"],\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\"WeChat Pay\" Ransomware Analysis and Decryption Tool - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"\"WeChat Pay\" Ransomware Analysis and Decryption Tool - NSFOCUS","og_description":"Risk Overview Recently, over 20,000 PCs in China have fallen victim to WeChat Pay ransomware. Files on the affected devices are encrypted by the","og_url":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/","og_site_name":"NSFOCUS","article_published_time":"2018-12-10T05:00:06+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/10\/banner_141.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_title":"\"WeChat Pay\" Ransomware Analysis and Decryption Tool - NSFOCUS","twitter_description":"Risk Overview Recently, over 20,000 PCs in China have fallen victim to WeChat Pay ransomware. Files on the affected devices are encrypted by the","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/10\/banner_141.jpg","twitter_misc":{"Escrito por":"admin","Est. tempo de leitura":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/"},"author":{"name":"admin","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d"},"headline":"&#8220;WeChat Pay&#8221; Ransomware Analysis and Decryption Tool","datePublished":"2018-12-10T05:00:06+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/"},"wordCount":728,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/10\/banner_141.jpg","keywords":["About NSFOCUS","Security Tips","Technical Details","WeChat"],"articleSection":["Threat Analysis","Uncategorized"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/","url":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/","name":"\"WeChat Pay\" Ransomware Analysis and Decryption Tool - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/10\/banner_141.jpg","datePublished":"2018-12-10T05:00:06+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/10\/banner_141.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2018\/10\/banner_141.jpg","width":335,"height":186,"caption":"Green abstract design with star and arrows."},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/wechat-pay-ransomware-analysis-and-decryption-tool\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"&#8220;WeChat Pay&#8221; Ransomware Analysis and Decryption Tool"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/fd9ab61c9c77a81bbd870f725cc0c61d","name":"admin","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3dc987908fc59791d261b1006d84eb931d15287261476b9384e690ed0c568de?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/nsfocusglobal.com"],"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/2037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=2037"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/2037\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/1707"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=2037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=2037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=2037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}