Proper Care & Feeding of your CryptoLocker Infection: A rundown on what we know.
This article is no longer being maintained, please see the new version here. Thanks.
tl;dr: I hope you have backups. It's legit, it really encrypts. It can jump across mapped network drives and encrypt anything with write access, and infection isn't dependent on being a local admin or UAC state. Most antiviruses do not catch it until the damage is done. The timer is real and your opportunity to pay them goes away when it lapses. You can pay them with a GreenDot MoneyPak or 2 Bitcoins, attempt to restore a previous version using ShadowExplorer, go to a backup, or be SOL.
Vectors: In order of likelihood, the vectors of infection have been:
Email attachments: A commonly reported subject is Payroll Report. The attachment, most of the time, is a zip with a PDF inside, which is actually an executable.
PCs that are unwitting members of the Zeus botnet have had the virus pushed to them directly.
There is currently one report of an infection through Java, using the .jnlp file as a dropper to load the executable.
Variants: The current variant demands $300 via GreenDot MoneyPak or 2 BTC. I will not attempt to thoroughly monitor the price of bitcoins for this thread, use Mt. Gox for the current exchange rate. Currently the MoneyPak is the cheaper option, but last week Bitcoins were. Two variants, including a $100 variant and a $300 that did not offer Bitcoin, are defunct.
Payload: The virus stores a public RSA 2048-bit key in the local registry, and goes to a C&C server for a private key which is never stored. The technical nuts and bolts have been covered by Fabian from Emsisoft here. It will use a mix of RSA 2048-bit and AES 256-bit encryption on files matching these masks:
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c, *.pdf, *.tif
This list of file masks may be incomplete. Trust this list at your peril. When in doubt, CryptoLocker will show you what files it has encrypted by clicking the relevant link in the virus's message.
It will access mapped network drives that the current user has write access to and encrypt those. It will not attack server shares, only mapped drives. Current reports are unclear as to how much permission is needed for the virus to encrypt a mapped drive, and if you have clarification or can test in a VM please notify me via message.
By the time the notification pops up, it's already encrypted everything. It's silent until the job is done.
Many antiviruses have been reported as not catching the virus until it's too late, including MSE, Trend Micro WFBS, Eset, GFI Vipre, and Kaspersky. They can further complicate matters by reverting registry changes and removing the executables, leaving the files behind without a public or private key. Releasing the files from quarantine does work, as does releasing the registry keys added and downloading another sample of the virus. Windows XP through 8 have all reported infections.
What's notable about this virus, and this is going to lead to a lot of tough decisions, is that paying them to decrypt the files actually does work, so long as their C&C server is up. They verify the money transfer manually and then push a notification for the infected machine to call home for the private key again, which it uses to decrypt. It takes a long time to decrypt, at the rate of roughly 5GB/hr based on forum reports. The virus uses the registry to maintain a list of files and paths, so not moving the files around is vital to decryption if you are paying them.
Also notable is that the timer it gives you to pay them does appear to be legitimate, as multiple users have reported that once the timer ran out, the program uninstalled itself. Reinfecting the machine does not bring a new timer. I was not able to verify the uninstallation of the program after the timer ran out, it appears to be dependent on internet access. Due to the nature of the encryption, brute-forcing a decrypt is essentially impossible for now.
Removal: Removing the virus itself is trivial, but no antivirus product (or any product, for that matter), will be able to decrypt the files until the private key is found.
File Recovery: There are only a handful of options for recovering encrypted files, and they all rely on either having System Restore/VSS turned on or having a backup disconnected from the infected machine.
Cloud backup solutions without versioning are no good against this as they will commit the encrypted files to the cloud. I had a Carbonite employee message me regarding my earlier statement that Carbonite is no good against this virus. It turns out that versioning is included in all Carbonite plans and supports all agent OSes except Mac OS X, which is outside the scope of this thread anyway. They have the ability to do a mass reversion of files, but you must call tech support and upon mentioning CryptoLocker you will be escalated to a tier 3 tech. They do not mention this ability on the site due to the potential for damage a mass reversion could do if done inadvertently. These are my own findings, independent of what the employee told me. Crashplan and other versioning-based backup solutions such as SonicWALL CDP should also work fine provided the backups are running normally.
Using the "Previous Versions" tab of the file properties is a cheap test, and has had mixed results. Using ShadowExplorer on Vista-8 will give you a much easier graphical frontend for restoring large amounts of files at once (though this will not help with mapped drives, you'd need to run it on the server in that case).
Undelete software doesn't work as it encrypts the files in place on the hard drive, there is no copying going on.
The big takeaway is that cold-storage backups are good, and they will make this whole process laughably easy to resolve.
Prevention: As this post has attracted many home users, I'll put at the top that MalwareBytes Pro, Avast! Free and Avast! Pro (defs 131016-0 16.10.2013 or later) will prevent the virus from running.
For sysadmins in a domain environment, one way to prevent this and many other viruses is to set up software restriction policies (SRPs) to disallow the executing of .exe files from AppData/Roaming. Grinler explains how to set up the policy here. Visual example. The rule covering %AppData%\*\*.exe is necessary for the current variant.
The SRP will apply to domain admins after either the GP timer hits or a reboot; gpupdate /force does not enforce it immediately. There is almost no collateral damage to the SRP. Dropbox and Chrome are not affected. Spotify may be affected, not sure. I don't use it.
Making shares read-only will mitigate the risk of having sensitive data on the server encrypted.
Forecast: The reports of infections have risen from ~1,300 google results for cryptolocker to over 150,000 in a month. This virus is really ugly, really efficient, and really hard to stop until it's too late. It's also very successful in getting people to pay, which funds the creation of a new variant that plugs what few holes have been found. I don't like where this is headed.
Some edits below are now redundant, but many contain useful information.
9/17 EDIT: All 9/17 edits are now covered under Prevention.
10/10 EDIT: Google matches for CryptoLocker are up 40% in the last week, and I'm getting 5-10 new posts a day on this thread, so I thought I'd update it with some interesting finds from fellow Redditors.
soulscore reports that setting the BIOS clock back in time added time to his cryptolocker ransom. Confirmed that the timer extends with the machine offline, but that may be cosmetic and I don't like your chances of this actually helping if your timer runs out on the server side.
Spinal33 reports that AV companies are catching up with CryptoLocker and are blocking websites that are spawned in the virus's domain generation algorithm. This effectively means that some people are locked out of the ability to even pay the ransom. (Technically they could, but the virus couldn't call home.)
Malwarebytes is claiming that MBAM Pro will catch CryptoLocker. If someone wants to test them on it, be my guest. Confirmed
CANT_ARGUE_DAT_LOGIC gave some insight on the method the virus uses when choosing what to infect. It simply goes through folders alphabetically and encrypts all files that match the filemasks towards the top of this post. If you are lucky enough to catch it in the act of encrypting and pull the network connection, the CryptoLocker message will pop up immediately and the countdown will begin. Helpful in determining what will need to be taken into account for decryption.
EDIT 2: We had a customer that ignored our warning email get infected so I will have my hands on an infected PC today, hope to have some useful info to bring back.
10/10 MEGA EDIT: I now have an active CryptoLocker specimen on my bench. I want to run down some things I've found:
On WinXP at least, the nested SRP rule is necessary to prevent infection. The path rule needs to be %AppData%\*\*.exe
Once the program runs it spawns two more executables with random names in %userprofile%. Adding a SRP to cover %userprofile%\*.exe may be desired, though this will prevent GoToMyPC from running at a bare minimum.
This user was a local administrator, and CryptoLocker was able to encrypt files in other users' directories, though it did not spawn the executables anywhere but the user that triggered the infection. When logged in under a different account there is no indication that a timer is running.
The environment has server shares but no mapped drives and the shared data was not touched, even though a desktop shortcut would've taken the virus to a share. I suspect that will be covered in the next iteration.
The list of masks above does not appear to be totally complete. PDF files were encrypted and were not originally part of the set of file masks. That is the only exception I noticed, everything else follows the list. Conveniently (/s), CryptoLocker has a button you can click that shows the list of files it's encrypted.
The current ransom is $300 by MoneyPak or 2BTC, which at the time of writing would be $280 and change.
Fabian reported that registry data is stored at HKCU/Software/CryptoLocker. I cannot glean the meaning of the DWORD values on files but I do notice they are unique, likely salts for the individual files. I'm curious what purpose that would serve if the private key was revealed as the salts would be useless.
I have confirmed the message soulscore left that setting the BIOS timer back a few hours adds an equal amount of time. No telling whether that will work once it has a network connection and can see the C&C server, though.
The virus walked right through an up-to-date version of GFI Vipre. It appears AV companies either consider the risk too low to update definitions or, more likely, they're having trouble creating heuristic patterns that don't cause a lot of collateral damage.
10/11 EDIT: I ran Daphne on the infected PC to get a better idea of what might be going on. lsass.exe is running like crazy. Computer's had its CPU pegged all day. I noticed the primary executable running from %AppData% has a switch on the end of the run command, which in my case is /w000000EC. No idea what that means.
10/15 EDIT: I just wanted to thank all the redditors that have submitted information on this. I have some interesting new developments that I'll be editing in full tomorrow.
10/18 EDIT: Hello arstechnica! Please read through comments before posting a question as there's a very good chance it's been answered. New developments since 10/15:
We have confirmation that both Malwarebytes Antimalware Pro and Avast Free and Pro will stop CryptoLocker from running. My personal choice of the two is MBAM Pro but research on your own, AV Comparatives is a wonderful resource.
We have reports of a new vector of infection, Java. This is hardly surprising as Zeus was already being transmitted in this fashion, but Maybe_Forged reports contracting the virus with a honeypot VM in this manner.
zfs_balla made a hell of a first post on reddit, giving us a lot of insight to the behavior of the decryption process, and answered a frequently-asked question. I'm paraphrasing below.
A file encrypted twice and decrypted once is still garbage. The waiting for payment confirmation screen stayed up for 16 days before a decryption began, so don't lose hope if it's been up a while. The DWORD values in the registry have no bearing on decryption. Renaming an encrypted file to one on the list in the registry will decrypt it. However, I would presume this would only work for files that the virus encrypted on that machine as the public key is different with every infection. Adding any new matching files to somewhere the virus has access will cause them to be encrypted, even at the "waiting for payment confirmation" screen. Be careful. Hitting "Cancel" on a file that can't be found doesn't cancel the entire decryption, just that file.
EDIT 2: I've rewritten the bulk of this post so people don't have to slog through edits for important information.
10/21 EDIT: Two noteworthy edits. One is regarding Carbonite, which is apparently a viable backup option for this, it is covered under File Recovery. The other is regarding a piece of software called CryptoPrevent. I have not tried it, but according to the developer's website it blocks %localappdata%\*.exe and %localappdata%\*\*.exe which is not necessary for the current variant and will inflict quite a bit of collateral damage. I have no reason right now to doubt the legitimacy of the program, but be aware of the tradeoffs going in.
I'm now at the 15000 character limit. Wat do?
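The file masks listed under Payload in the post above, turned into a read-only exposure audit (an added example, not code from the original post): it totals, per mask, the files under a directory that the masks select, so you can see what has to be covered by a versioned or cold-storage backup. It assumes the masks act as simple case-insensitive globs on the file name; the sample tree and its file names are constructed.

```python
import fnmatch
import os
import tempfile
from collections import defaultdict

# Masks copied from the post. The post warns the list may be incomplete.
POST_MASKS = (
    "*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, "
    "*.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, "
    "*.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, "
    "*.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, "
    "img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, "
    "*.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, "
    "*.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, "
    "*.pem, *.pfx, *.p12, *.p7b, *.p7c, *.pdf, *.tif"
)
MASKS = [m.strip().lower() for m in POST_MASKS.split(",") if m.strip()]


def matching_mask(filename):
    """Return the first mask that selects this file name, or None.

    Assumption: '*' is any run of characters, '?' exactly one character,
    compared case-insensitively against the name only (not the path).
    """
    name = filename.lower()
    for mask in MASKS:
        if fnmatch.fnmatchcase(name, mask):
            return mask
    return None


def audit_tree(root):
    """Walk root and return {mask: [file_count, total_bytes]} for matches."""
    totals = defaultdict(lambda: [0, 0])
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            mask = matching_mask(fname)
            if mask is None:
                continue
            try:
                size = os.path.getsize(os.path.join(dirpath, fname))
            except OSError:
                continue  # file vanished or unreadable; skip, do not abort
            totals[mask][0] += 1
            totals[mask][1] += size
    return dict(totals)


def build_sample_tree(root):
    """Create a small constructed tree; sizes are arbitrary test values."""
    samples = {
        os.path.join("finance", "Payroll.XLSX"): 10,
        os.path.join("finance", "q3.xlsx"): 7,
        os.path.join("photos", "DSC01234.JPG"): 20,  # 8-character stem
        os.path.join("photos", "holiday.jpg"): 30,   # 7-character stem
        "notes.txt": 5,
    }
    for rel, size in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for mask, (count, size) in sorted(audit_tree(tmp).items()):
            print(f"{mask:14} {count:4} files {size:8} bytes")
```

There is no plain *.jpg mask in the list, so a JPEG is selected only through the eight-character or img_ patterns, which is why holiday.jpg is not counted in the sample tree.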
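A pre-deployment collateral check for the SRP path rules discussed under Prevention (an added example, not from the original post or from Grinler's guide): it reports which rule, if any, would disallow each executable path in a software inventory. It assumes `*` and `?` never cross a backslash, which is what the post's need for a separate nested rule implies; the %AppData%\*.exe rule, the user name and the install paths are constructed for illustration.

```python
import re

# Constructed environment for one user profile (assumption, not from the post).
ENV = {
    "appdata": r"C:\Users\alice\AppData\Roaming",
    "localappdata": r"C:\Users\alice\AppData\Local",
    "userprofile": r"C:\Users\alice",
}

# The nested rule is quoted in the post; the single-level rule is its assumed
# counterpart for .exe files placed directly in %AppData%.
APPDATA_RULES = [r"%AppData%\*.exe", r"%AppData%\*\*.exe"]
# Optional rule the post mentions, with the caveat that it breaks GoToMyPC.
USERPROFILE_RULES = [r"%UserProfile%\*.exe"]


def rule_to_regex(rule, env=ENV):
    """Translate an SRP-style path rule into a compiled regex.

    Modelled semantics (assumption): environment variables are expanded,
    '*' matches any run of characters within one path component,
    '?' matches one such character, comparison is case-insensitive.
    """
    expanded = re.sub(r"%([^%]+)%", lambda m: env[m.group(1).lower()], rule)
    parts = []
    for ch in expanded:
        if ch == "*":
            parts.append(r"[^\\]*")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def first_matching_rule(path, rules, env=ENV):
    """Return the first rule that would disallow this path, or None."""
    for rule in rules:
        if rule_to_regex(rule, env).fullmatch(path):
            return rule
    return None


def coverage_report(paths, rules, env=ENV):
    """Map every path to the rule that blocks it (None means still allowed)."""
    return {p: first_matching_rule(p, rules, env) for p in paths}


# Constructed inventory: two unknown executables plus assumed per-user
# install locations of the applications the post names.
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\unknown.exe",
    r"C:\Users\alice\AppData\Roaming\Abcd\unknown.exe",
    r"C:\Users\alice\AppData\Roaming\Spotify\spotify.exe",
    r"C:\Users\alice\AppData\Roaming\Dropbox\bin\Dropbox.exe",
    r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe",
    r"C:\Users\alice\tool.exe",
]

if __name__ == "__main__":
    report = coverage_report(SAMPLE_PATHS, APPDATA_RULES + USERPROFILE_RULES)
    for path, rule in report.items():
        print(f"{'BLOCKED by ' + rule if rule else 'allowed':32} {path}")
```

Feed it the real executable paths from your own software inventory before enforcing the GPO; anything legitimate that shows up as blocked needs an explicit allow rule first.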
And I'm gonna call this one the value of being wrong
So I would start out the day saying this guy Peter Strzok, and we're gonna keep it STROKES to make it an internet meme, and and not struggle the name
Peter Strzok here I say is Andrew McCabe, right?
Completely wrong. And completely wrong, right?
Well first of all I correct it within 24 hours, unlike the peepee dossier, where we're like a year and a half now into a false...into a false narrative they're right
This is this shows you how this process--open process--is going to win, no matter how much effort, power, and money gets put into it, and why the false construction from peepee dossier is going to fail, because people get tired of having to defend this
Now there's a lot of people helping me with the name Strzok...and it makes it fun
And in here--Carol Brawndo's--and gleefully saying--you got it wrong
And I'm saying exactly the same thing I'm saying here
The metadata the great thing about going on the metadata is: only the links in the chain that are wrong need to be replaced, and then you make the conclusion at the end after you get all the evidence
Unlike starting out with a peepee dossier where you have flawed evidence chains all along the way and all the chains weaken every day
So it's just a matter of time before you you win
And then that's exactly where we're at, within 24 hours
And I'll just show you that how that occurred within 24 hours
First of all there's all the the different folks coming in saying, "well this is not news--we knew that somebody left the Mueller investigation. We knew that somebody left the Clinton Foundation investigation. We knew that somebody left the Trump thing"
The key is that are all tied together--these ubiquitous Peter Strzok and Lisa Page
They're everywhere where Andy McCabe is
They are the surrogates of Andrew McCabe--that's the key thing
That's the new thing that you put those three things that were broken up, now you put them together
And this becomes this document becomes a dossier into itself
The FBI could never compare a compiled something this beautiful in 24 hours there's no way unless they
Well they could put 50 agents on it
But this is just a great post here about NSA
And how NSA goes down to this FBI data intercept technology unit in Quantico, Virginia
They have better access to the providers
And it turns out that that FISA the FISA warrants provide 40 percent--forty percent of the information coming to the NSA
And here we get a go week again, we get the exact data
There's seven thousand four hundred eighty five flights at targets
This is gonna be my I'm gonna drill right in on that
How many of these are real terrorism suspects?--like I guess Mohamed Mohamud, which really is wasn't a terrorism suspect
And how many are deplorables?
That number is what I'm gonna work off of
Now there's gonna be a much greater number that that than that that are not FISA, that are just a pair of--Awan type of targets, which I think it's gonna be more like 150,000 or so
But we'll get there, we'll get there, with the DHS system
But we're not there yet but here comes Zero Hedge with Peter Strzok
(people talking about I should speak up so I'll talk up louder)
And then let's see let's go a little bit further here in the comments
People say I should write the book well you have to live through it first
And then it almost writes itself it would almost be worse trying to write this it's rather just better to experience it
Here's stuff coming in about how Peter Strzok is a his father's 81
His dad writes for the Fayetteville Observer
His dad talks about the Persian language, civic action schools for the Kurds, the Balouch, the Turkoman, the Azeris, the Afghans, worked his dad worked in 13 different Western African villages
Now those are some interesting things for Fiat nom--that we didn't know before yesterday right
Clarksville, Tennessee he's lived in Clarksville, Tennessee
He's lived in Minneapolis, Minnesota
Of course you remember that case where the kids were being taken from Minnesota to Clarksville
Now I'm not saying he's if at all or part of that, but it just screams out the metadata just screams out, "hey how about that one case, where the kids were going in the cages to Tennessee from Minnesota"
Let's see what we got here
Eight one eight is kind of like a 911 call--a 911 call between agencies
When some goes section 811 811--that's the Intelligence community Inspector General, the ICIG, saying hey, "red flag red flag red flag we need to watch this dossier"
And this is a news article from last year saying that that that happened for these Clinton emails
So all the different inspectors general--all the different inspectors general on August 9th, 2016--I believe that's what this saying--is when you send out an 811, I believe all the inspectors generals are alerted across all agencies
I believe, that'll be interesting to try to find out
Again, it's almost better when I'm wrong, because the Intelligence comes back, and it's been it's it this is just great
So this one is about how Hillary bought or promised these ranches to the FBI agents that were involved in the different in the different investigations
So yeah, I could see why the FBI would be would want to have a foregone conclusion if they get the Bundy ranch or they get whatever ranch when they're investigating Uranium One
Just in really super interesting data this becomes really an incredible dossier in and of itself
And this is why when we roll tough day 54, I think I'm gonna just use the old the old dossiers, and just--layer on new comments now with the new updates
Most of its 95% of the stuff is right
So I've many just think I'm gonna use that as a base I don't know yet
I'll make that decision down the road
But here's davon Nunez preparing a contempt of Congress
This is all happening today by the way
I believe a contempt of Congress would agree is going a letter from Nunes it's going to happen today for the FBI and the DOJ not sure
But here they're talking about there's a lot of Strzok up there
Dzfferent Strzoks for Dzfferent Fzoks
There's a lot of Dzfferent Strzoks for Dzfferent Fzoks up there, near O'Hare Airport { Ohzazre Azrpzrozrt }
And with this Polish name Strzok--this Lisa Page is married to a guy named like Stirdovan or something like that
It's a Dutch name, and I think this guy's actually Dutch
I really don't think he's just Peter Strzok is a real name so that's why i'm not bothering pronouncing it right
{{ 911 I think it's "Struck" }}
I really think this is the key I don't know why but it just screams I've been to the Bolingbrooke warehouse area that support
So here and I went out there where their wands had the Bolling Brook location it just saw warehouses for as far as you could see and you can see all these Polish people--on all these polyester that's a Coke Pepsi Pepsi Coke Pepsi coke
So it was just it just screened that metadata just scream "Strzok" Dzfferent Strzoks for Dzfferent Fzoks it's near O'Hare Airport
So we'll get there we'll get there
But remember that visual of Coke Pepsi Pepsi Coke--or you got yellow cake or you got white cake you yellow cake you got a white cake
So anyway, we'll remember that Belushi routine when we get back to Dzfferent Strzoks for Dzfferent Fzoks
So here this person talks about Hillary purchasing, or how these two this different this Peter Strzok and Lisa Page are involved in the tarmac incident
I mean just everything in the campaign that you remember
It seems to be involved with these two
They seem to be everywhere
There's literally kind of like the Zelich's of this story
And that's an arcane reference
So I'll just say I'll just say they're the they're the Strzoks--it's become an internet meme already okay {{ wut }}
So let's go a little bit further and I will yeah somebody said--all these fake names have--anatomical references, which I agree as--
Everyone made comment about how he worked on he had the 3:00 hour interview with Hillary that the email cover up...
This is it
This is the six hundred fifty five thousand emails
This is the--the motherlode we're down to the actual person who did it
So that's the beautiful piece of this and here this person's talking about how the Sekulow documents the 413 pages of the second load documents talk about all this stuff talk about the tarmac meeting
And now we're connecting Strzok and page to Senator Feinstein and the Intel committee
And that kind of kind of school play where she was gonna really--get--bust the CIA over this
And then oh by the way, we didn't do anything at the end of the day
Kind of reminds me of a Grassley letter
Here people are talking about and I talked to Task Force yesterday
About how they asked their really asked this during these interview questions they really asked his drug questions
Have you used drugs have you used drugs they want you to admit that you've used drugs
So that later on they could go he's a drug user
If this person ever has a conscience later on down the road, you can always come back and say well they're a drug user
They want people compromise from the beginning to be involved in this
And that this is especially true of this Peter Strzok he asked those types of questions
He was sued over it okay
So and it the Intelligence was just so good on this
So I'll leave it there is kind of a morning warm-up
And we'll move on to the news of the day as as it develops
Again, day 45 part two and these are the comments I talked a lot about McCabe and moving to Chappaqua...
And all the power and crews and digging and pedestals and vaults and all the things that change up there
I thought geez it just looks like they're moving money out of Indonesia and Malaysia and European banks and offshore banks and and mining all the Bitcoin for Hillary to get--resources for the future
Hillary two ready for the getter treasure trove organized in Chappaqua for the big drive to the presidency
And it's amazing how when something just fits
How a lot of data comes together from the DNC to Chappaqua
{{ 135 Castle Road. 15 Old House Lane shown on map unknown owner unknown city unknown state not a dox }}
The reason why I believe it moves from DNC to Chappaqua is the two operations are done
First operation is looting DCCC
The second operation is looting DNC, while there's still other candidates getting money then when you're done and you eliminate Bernie, then you you don't need to do that anymore, and you move the operations to Chappaqua
Again, you don't want your hackers being arrested
When they're exposed at DNC
When they're exposed at DCCC., they're there's an ability to get arrested
So it's the same reason why I think for the OIG hack of DHS
You come in with a team--I'm not saying Lisa Grafenstine, but somebody like that
You come in with a team, you say here's your vulnerability risk, we're gonna look and do all this vulnerability testing, we're gonna get it or download all these files
Now oops, I stole the Inspector General's laptop
Again, took it over to Hawkshead--and
Again, asking Andre Taggart, when the up I would remember when somebody came over to my house with an FBI raid
Ask Andre Taggart what day the FBI raid and the NCIS people came over, the Capitol police came over and got that
The OIG laptop
And I believe it's gonna be, I believe they stole an Inspector General's laptop
I'm not saying Lisa Grafenstine, but remember there was four laptops, and 20 Blackberries with government markings, and there was the toner
So I'm gonna say right now, I believe that was the DHS's OIG's laptop
So again, the Capitol police report would tell us, and there would be no reason to repress that if that wasn't true, correct?
So anyway I want to go through this and operations move DCCC DNC then Chappaqua
And I wanted to say that a--how does somebody live in New York and then their wife is running for Virginia?
I'm saying that McCabe is buying this house for the Awans to live at
I'm not saying Andrew McCabe is moving up there
I'm saying he's setting up this command center in it and if everything looks like a command center in Chappaqua
He's setting it up for the Awans to move up there
Now I'm not saying a Seth Rich doesn't come up there or--a satellite person like--Hina Alvi doesn't come up there as well
But I think--all these your satellite person
But the hacking team is gonna follow Imran okay
So anyway DCCC DNC those two operations are done, then you move everything to Chappaqua
Just based on metadata
And then--you only need to be up there a day or a weekend to buy the house and then you're back with your wife
So I think that's what happened
There's a lot of action right now inside
Now I made a mistake yesterday it wasn't Kislyak that died
It was chicken Churkin that died
So there's been like nine Russian ambassador's die
So he died right about a month later and I could conflated the two
So there was a correction there
Just to make sure you got that right
But I love Corrections
Because then people remember corrections better than they do if you said I was right
People hate to hear people say I was right
People love to hear people say I was wrong {{ 911: those are called trolls or h8rs }}
And I've corrected you and I love it
So so keep correcting me because it only reinforces a chicken died right after that
So it makes me think Chuck it's the guy that they did the deal with read Kissel yakked--it's just one thing after another
Now this is an interesting one I did last night with Lisa Page
Again, we're down to the people actually making the move
So once you get the actors then you can just follow their schedule around and just query their schedule and ask for discovery on their schedule and then ask him a questions around their schedule and Lisa Page as ubiquitous with this Stroeve Peter Strzok and she had this criminal offense over in Ohio and I said ,"hey, that really makes me think about Strongsville
Because I was in Strongsville that's where one of the Saipov trucking companies was that was where this creepy school was that was I thought ,"hey, there's this weird European center there that got raided by the FBI
So for ten years we have a color-of-law operation where we're bringing people into this Strongsville adoption agency
And if you read down a little bit farther, it's got all these kids from all these different countries from this running it for the State Department
Now that wouldn't be particularly significant (I'll read a little bit farther into this)
That that wouldn't be particularly significant if it wasn't for the fact the State Department says these European adoption consultants EAC European adoption consultants were from Bulgaria blah blah blah all these different countries, and then Ukraine Ukraine Ukraine Ukraine
Now I realize it's the last one, but this is the one that's the funnel for the Russian kids
What they're doing is they're given Russian kids and Russian families Ukrainian visas
So this was the Paul Manafort connection
And then and they're coming in and bringing them in through this Strongsville, Ohio
And it's out of the way we're nowhere else is this is where one of the Saipov trucking companies is
Why do I think the EB-5s are related to this, well a Saipov got 23 EB-5s
Saipov has a trucking company here in this in Strongsville
So that's why I think that--no other reason
Plus here where Stevie-Steve gets his hair cut, I went out there to where Stevie Steve this mass murderer who I thought was involved in killing the trucking folks down in Ohio, down this way a little bit
And he's right there he's right at right at this nexus right along with everybody else
He's also the guy at the Cleveland Clinic--when these visitors are coming in from UAE and Dubai in and Abu Dhabi
He's the one running between the children's center and--you know mentally handicapped kids are dying in their sleep, and then there's these successful heart operations the next day {{ 911: gross }}
So it's kind of like Stevie Steve and I went to his barbershop and I went to all these different barber shops and where the people were killed
And he just seems to be in the middle of it
Everything seems to rotate around Strongsville
Now the fact that Peter Strzok'a his dad has this kind of correspondent relationship with all these mullahs in nine different countries in the Arab countries leads me to believe that's the sales network--
I just--I know that's a--wild speculation but I just connected all the way from, "hey, all these different countries are the customers and all these Ukrainian kids are--being shopped out and they're meeting them here--somewhere out here at this creepy place"
They're meeting and say, 'yeah I want that one,' and then they're getting on the plane and then flying home--from from Cleveland International Airport
I'm not I'm not sure, but it's it just that you metadata screams that
Why is Lisa Page in a company with Paul Manafort
Why is she a partner in a company with Paul Manafort?
Why? Why would that be?
Now is that a nine or ten years sting I guess
So I guess it's a nine or ten years sting?
So anyway good comments sorry about the mistake about Churkin
The Lisa Page connection here some people said Lisa Page is a Mossad agent whatever
{{ 911: I think therefore I am Mossad }}
The Lisa Page connection here to to Paul Manafort is a very strong one
And I believe they're EB-5s
If like I said if Saipov didn't have a trucking company here
And it was Bright auto or something like that
And I had a car company I wouldn't say anything
He has another one in Cincinnati, which leads me to believe there's gonna be another funnel near Cincinnati
Now our Mr. Akhmetshin's gonna come back into the story
Akhmetshin this is an ak-47 meeting your shin you remember back on days 260 something like that I was in Washington DC, talking about it Akhmetshin
I think it was in even before talking about the peepee dossier even before I had kind of brought Fusion GPS from kind of out behind it
So these are these cases right
Now what do we know about Akhmetshin?
Well he was the guy who went to the Trump Tower meeting I believe
Now Andrew McCabe is gonna be meeting with Glenn Simpson a Fusion GPS and a Akhmetshin and Veselnitskaya
They're gonna be planning this sneak attack on Donald Trump Jr.
They're gonna--they're gonna send them in
They're gonna send Veselnitskaya in say buy this buy this dossier, buy this dossier, shop this dossier, much like Peter Strzok shops the dossier in Congress in December of 2016 to try to do the anti-Trump thing right
So they're gonna shop this dossier Don Trump Jr. says yeah maybe--kind of and then somebody behind him says that's crazy
We're not gonna do that I think that's Jared Kushner
But somebody turns it down says this is crazy maybe it's a lawyer or something and it's not worth anything it throws it out
So there's no collusion and it's over with
So Akhmetshin's your setup guy
So what is he doing in these cases?
Well he's filing is what they call an "interested party",
And this is basically I'm gonna side with one of the two guys in the party here
So in this case there's an oil and there's a mineral case here in Washington DC
And then he sides with this one of the parties of the two parties
Now are they targeting different people?
Are they just picking a professor out of somewhere in one of their schools that supports Hillary to attack some friend of Vlad in Moscow to try to unhook some deal in Moscow?
Is that really what they're doing? Who knows
But let's look at this New York case, where let's see Akhmetshin files, again, as an intervener, and just see if that's what's going on
Let's see modus operandi--we see a pattern developing
This is eggy here...this is a plaintiff it looks like
We're gonna see down here it's it's a movant somebody clear
They're gonna kick in something in this case and then there's this Zalmayev
Well it turns out he is a professor at University of California
And it turns out this guy is actually living in Moscow, trying to do Moscow Business Development
Let's see if they are attacking them or not
Oh here's Akhmetshin he's gonna add some information in here and then he's also going to countersue
Zalmayev is also going to countersue the guy that's that they're attacking
Let's see how this goes
So we go down here to the docket, we go to the first complaint here, and we go to this, and this is gonna be expensive and you see that already thirty seven dollars
And there are thirty three dollars to view this document
I think I might have last month was terrible for reading documents it's like a thousand bucks
But anyway here it is there's Aggie suing Zalmayev's here
What's he saying? Well malicious disinformation campaign
What does that sound like? Doesn't that sound like exactly what's happening to Trump right now?
Russian corporate raid? Hmm where have I heard that before?
International litigation prevented him from personal safety loss of life and liberty harm abandon his claim to a valuable investment
It played a key role in the campaign elaborate negative public relations campaign illegitimate efforts
Defamatory false injurious statements all this sort of thing false defamatory etc etc etc
Now as a journalist, you have to report the news, and I correct whenever I make a mistake
So there is a certain amount of responsibility that comes along with that
And I try to exercise that every day
But this is where you're planting stories where you're paying--where has already been
Now identified as paying journalists to plant stories that are false--that's something very different
That's a that's a sneak attack
That's not journalism
That's not absence of malice--
That's going in with a preconceived idea to smear somebody, in writing, in publications no less, well-known publications
{{ 911bs: Called malinformation. Misinformation's a mistake. Disinformation could be done in a protective way (US spreading disinfo about crop circles), malinformation always is to harm }}
So they look like they grab this state of California professor they say ,"hey, I got an idea let's let's bust up a deal in Moscow and here it is"
There's the Moscow hotel they're going to bust up deal
And then finally what happens after this case is after they go through six years of litigation it basically dies
And this is a very very long case you can see here it starts in 2011 about when Fusion GPS starts and goes all the way until last month, when you guys finally just--gives up over end and it's sealed
And they seal the seal the case
So but then there's all this stuff
{{ 911: that's called lawfare }}
Now the key question is are our two people are our two FBI people people Lisa Page and Peter Strzok involved in this case or not?
Do they ever get involved as Peter Strzok ever get involved in this case with Lisa Page?
That's the question of the day
I'll put some screenshots in here along the way to show how long I've been talking about Fusion GPS
How long I've been talking about Akhmetshin
That's where the case is coming to
My Fusion GPS case will cite these cases as just more and more examples where Fusion GPS--I believe--aided in the creation of dossiers through illegally-obtained material, potentially, with the Awans, to create dossiers against people
Much like the Michael Flynn case, to try to smear someone with information
And obviously I put out my amended complaint that they're going to be adding the partners of Peter Strzok and also Lisa Page
I also had to add Agent Pettijohn and Agent Whittaker of JTTF to my complaint
The strategy has been three levels, the collection level, which is the Awans, the Steele, Russians that he brought into the country
The second level is once you collect it all you then do a dossier:
You do analysis and figure out the best dirt you have on somebody--the best leverage you have
And then the third level is reprisal: you don't collect the information to not do anything with it
And that's the FBI level that's Andy McCabe through people like Strzok and Page as well as many many other people
There's also parallel FBI investigations at every level as well that have been kind of in the shadows, afraid to come forward, and have been kind of put kind of squelched by Andrew McCabe in JTTF
So it's a very small group of about sixty guys in internal to FBI, that just need to retire
Just find it find a nice farm and retire
Make a lot of money
And that will the sun-shining of documents documents documents is the answer
To have a dog and pony show up in Congress is all well and good
A couple of press releases saying that you're going to open an investigation is all well and good
But these are really just like curtains--putting new curtains on it on a collapsing building
What we really need is publication of documents
Publish the OIG hack
Publish the OPM hack data
Publish the IG report in Congress about the 5100 illegal logins
Publish the CDW report
Publish these key documents from key investigations to show that you have good faith
Dog-and-pony shows are all well and good and everyone has--to fall on their sword a little bit publicly
But that's not really very substantive at all
And I'm not gonna just permit Bob Mueller to kind of act like judge and jury when he is a co-conspirator
He's been a beneficiary as much of the graft as Comey, McCabe and Rosenstein
It's not gonna happen
We can't have half well we'll split the Ocean's eleven team up here
You've you five guys go over there you be the jury and we five guys will go over here we'll be the judge
And then we'll pick one of us amongst us to beat up on
It doesn't work like that
Everyone should just retire now and move on
I'm gonna keep moving on the Uranium One case
I've obviously got a lot of new information they're publishing today
Keep moving on the reprisal level with Andrew McCabe got new stuff coming in Chappaqua
Got new stuff coming from the Mueller Team
And how the Mueller team was infiltrated with the Strzok infiltrators
So all these things are going to be discoverable
So sooner or later if the American people are not savvy enough to demand documents, they're going to get hoodwinked again, like we did in the Hillary investigation server and investigation and the Huma server
Lots of smoke all sound and fury signifying nothing
We need to move to documents publication of documents documents documents
I'm gonna do the comments for the first two videos and I think you'll see how all this is kind of connected now
Last night it was great because all the videos I did yesterday were those were the fodder for Carlson Tucker Carlson--The whole hour and that Hannity the whole hour
Even Laura Ingraham and Bret Baier have picked up on this as 20 watergates as Kallstrom has said
But the first thing is that the mainstream media has to recognize that Strzok and Page are the key to the whole thing
They're that the henchman and henchwoman of Andrew McCabe
So that was out there last night
Now they still have this text message oh they just said nasty text messages about Trump
That's where we are today
Now I'm going to move everybody a little bit forward again
This is Fusion GPS--They're taking the dossier process.
You collect it with you Awans
You move it to the dossiers with Fusion GPS
And then you then you do reprisals with the FBI
And this Strzok and Page are that how you do reprisals
You forward it as a series of unrelated messages, but you you send a couple of pieces of the dossier over here one day
And then a couple more pieces over there
And what you're doing is you're you're doing the deep dives
You're doing the messages from Flynn to Kislyak
You're doing the Jared Kushner messages
You're sending them over like you're just picking these up one at a time
Like you don't already have this sitting over in a MicroPACT case management system over at Fusion GPS
Now I'm not sure if they use MicroPACT at Fusion GPS or what the case management system is
But it's going to be a case management system, a lot like Theresa Grafenstine's case management system
I'm not saying Theresa Grafenstine's case management system is being used by Fusion GPS, but somebody if you had access to a case management system like Theresa Grafenstine has at Fusion GPS, you could query that system, and then send little bits and pieces of the dossier
Like text messages
And you could make it look like actual investigative work
And if you're a fake enough like Peter Strzok that works out really well because everybody actually thinks you're an FBI agent
So the other piece to this is when you find smoke, when you find a conversation between Flynn and Kislyak, you then need a FISA warrant
You need a FISA warrant
Well you're never gonna go to a three-judge panel actually with the FISA warrant, but let's just say this is Lisa Page here you're gonna go to Lisa Page and say, "hey, Lisa do that FISA write-up and then we're gonna say it's lost paperwork or it never got over to a judge
Now if somebody does a warrant like now and does it drill down, then you just run down the street two three three three Constitution in the middle of the night
So your favorite judge and he signs off on it and they back-date it
And then you're good to go
You're gonna find this combination
It's not an affair--the reason why there is Zelig
I noticed they even use my Zelig there
They're the reason why they're Zelig and they're everywhere is because it's a tight system
You don't want 18 people involved in this
This is what I keep saying it's so few people are involved in this with McCabe
These are the two and I'm not this isn't Lisa Page I don't think
But this this is how tight it is
They're gonna go from place to place to place to place where you need to speed out this Fusion GPS stuff, to make it look like there's an investigation
And this has happened over and over again, for the last I would say 20 years
Now Lisa Page didn't get involved until 2006
There was a lawyer here in town named Megan something that was used before that
And I don't think really Lisa Page gets into the full swing until about 2008 2009
But--the roles change, but basically you have somebody sweeping up after you and covering you in case somebody finds out you're doing illegal surveillance okay
So it's just that simple
So that's how that'll come out tonight I think on Carlson and then Hannity picks it up
And then Bret Baier says--there's a story going on around here, but I think it's gonna lead to the helicopter and Otay and those helicopter rides they take
Now I'm gonna go into the Strongsville Ohio connection from part two yesterday
People are asking me well why is this going so much faster why is this going so much faster
It seems like every day
Well Task Force is in the DC area and Task Force is helping me now
So you met Task Force earlier with the badge...mm-hmm I just wanted to let--that Task Force is helping me at inside professional who's dealt a lot in the law enforcement community
And this is about this is about feds coming into a local law enforcement, and basically taking over with their operation
And I'm gonna call this a State Department operation
And this is going to be an operation I talked about yesterday
And it's in Ohio
And you can see here that Lisa Page has these offenses of--affair interfering with official business and--doing wacky things with a car--get in front of the police officers and all this
You're gonna see all this wackiness
Why is Lisa Page doing all this wackiness out instructions
I'll play a little bit of it, "hey, this weird European Center there that got raided by the FBI
So for ten years we have a colorable operation range color-of-law operation ten years adoption object see if you read down a little bit farther worker it's got all of these kids from all these different countries from this mostly Ukraine
Now that would particularly significant
Again, a little bit farther into the State Department State Department state or a significant if it wasn't for the fact the State Department says the Sheriff through an adoption options the AC European adoption caucus all work from Bulgaria our handle all these countries and Ukraine Ukraine Ukrainian I realize the last one Ukraine Ukraine's the warrants the funnel for the Russian kids what they're doing is they're giving Russian kids and Russian families Ukrainian visas
So this was the Paul Manafort connection oh Manafort Paul Manafort Paul Manafort--okay
So they just
So the Mueller just took away Paul Manafort its bail conditions or they're against it
Somehow they think {{inaudible}} communicated with Paul Manafort maybe I don't know.
Wrong!
Andy's had a year to figure it out
Wrong! Bob Mueller
NO. What's happening is
Well let me just explain Strongsville
First of all Trump raided Strongsville
He met with Putin or his people met with Putin--they found out about this kind of breaking this is the Russian baby thing this isn't baby snatching
Well maybe it is baby snatching
But they they raided it and the thing started in December, and then they raided it finally I think in February
And what is so beautiful about how this operation is run is you have these really great incredible parents through these religious organizations, trying to adopt these Russian kids
And they it takes forever and the the the kids--are older
And it just seems like oh my gosh these kids are never gonna get adopted
They're seven eight years old and it's these kind of folks here that are just the salt of the earth of Ohio
These are my parents...50 yrs ago
And these are just incredible people
They make what how'd the State Department runs this deal is you have a few people that are media fronting this operation
Which they are the most sincere people in the world
And then you have the Saipov babies coming in like there's no tomorrow
Every time a Saipov trucker is going for another thing of uranium--taking another thing in uranium out, he's bringing a kid back
And you only need about 23 visas to reuse over and over again
They finally bust the operation in June this year okay
So they're shutting it down but
Again, the greed they just want to keep this thing going it's just it's it's amazing actually
And the fact that Jeff Sessions hasn't figured it out is quite quite amazing
And I wonder if there's any uranium dealings in Mobile, Alabama down there at the Naval Center
We'll get to that later
But anyway here's the Strongsville adoption agency
What they're doing is are bringing them up through Texas
And these Texas truckers I hate to go but down to the Texas shooting
Again, but Texas truckers there's going to be a network of about 2,000 of these truckers that are using the commercial drivers licenses--the commercial operators licenses for a very few set of trucking companies
And a whole bunch of different companies are gonna use those
If they get busted they get busted right for not having driver's licenses...
But they're bringing them up from the Mexican border and on these truckers, then if anybody ever gets arrested they throw Uzbeki truckers under literally under the truck, under the bus, and get them arrested
So you only need about twenty seven visas 23 visas what did Trump say that Saipov had about 23 visas?
And then you keep losing your visa
We keep printing new visas in in in Kingston, right?
And just keep losing visas printing visas losing visas printing visas
After well we got about--500 visas
These are the visas that are gonna be in the indictments in the sealed indictments
Now I'm daring Mueller I'm daring you right now to unseal those indictments
Because I know most of them are gonna be because of these duplicate visas the people using the duplicate visas
All you have to do is do is go to the TSA
And what's funny is Kirsten Kirsten and Nielsen the new DHS--she's from TSA--she knows how to do this match very quickly, and see that these visas have been used by different people
This is why the conspiracies collapse so quickly
So anyway the the history of abuses goes back a long way with this Center--this European adoption consultants--this EAC
I've had people way back when I mean I want to say a hundred day 150 go shoot video at this place after I was there the first time
And it's it's pretty much shut down now after the raid
But this goes back a long way, where there's all kinds of neglect while these babies are being stored in the Texas area
I'm not gonna say it's where the Texas shooting was but that's why it gets close to
And then they bring them up here when they have a match in Ohio
And I think there's gonna be Cincinnati
It's also gonna be Cleveland are the two places
And then I also think Minnesota
I think it's gonna be in near like Rochester Minnesota
They like the out-of-the-way places they don't like to go into Cleveland they're going to places that have a strong presence of law enforcement
They like to out-of-the-way places where they kind of control the Sheriff...
The macro is actually a dropper script that once enabled will attempt to obtain and execute remote code (the payload). The payload encrypts all accessible files with a strong encryption key, removes backups and leaves behind a ransom note; instructing the user how to pay the Bitcoin equivalent of around $1000 in return for restoring the files.
This new campaign, dubbed HaoBao, resumes Lazarus’ previous phishing emails, posed as employee recruitment, but now targets Bitcoin users and global financial organizations. When victims open malicious documents attached to the emails, the malware scans for Bitcoin activity and then establishes an implant for long-term data-gathering.