diff --git a/_posts/Malware Analyze/2024-01-15-unpacking-hydracrypt.md b/_posts/Malware Analyze/2024-01-15-unpacking-hydracrypt.md
index 1419b56..16be588 100644
--- a/_posts/Malware Analyze/2024-01-15-unpacking-hydracrypt.md
+++ b/_posts/Malware Analyze/2024-01-15-unpacking-hydracrypt.md
@@ -159,4 +159,68 @@ private static void Run() } } -``` \ No newline at end of file +``` + +### Password creation + +The malware will generate a 50-character password. + +```csharp +private static string CreatePassword(int length) +{ + StringBuilder stringBuilder = new StringBuilder(); + Random random = new Random(); + while (0 < Math.Max(Interlocked.Decrement(ref length), length + 1)) + { + stringBuilder.Append("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=&?&/"[random.Next("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=&?&/".Length)]); + } + return stringBuilder.ToString(); +} +``` + +### ID Creation + +The HWID() method generates a Hardware Identifier (HWID) using certain system information such as the current thread's ID, the username, the machine's name, the operating system version, and the system page size. This method returns the HWID as a string. + +The GetHash(string strToHash) method takes an input string, converts it into a 10-character MD5 hash using UTF-8 encoding, and then returns the result in uppercase without dashes. + +```csharp +internal class Hwid +{ + public static string HWID() + { + string result; + try + { + result = Hwid.GetHash(string.Concat(new object[] + { + Environment.CurrentManagedThreadId, + Environment.UserName, + Environment.MachineName, + Environment.OSVersion.VersionString, + Environment.SystemPageSize + })); + } + catch + { + result = "Error HWID"; + } + return result; + } + + public static string GetHash(string strToHash) + { + string result; + using (MD5 md = MD5.Create()) + { + byte[] bytes = Encoding.UTF8.GetBytes(strToHash); + result = BitConverter.ToString(md.ComputeHash(bytes), 0, 10).Replace("-", "").ToUpper(); + } + return result; + } +} +``` + +The result will be displayed in the ransomware note. + +![your-id](/images/hydracrypt/your-id.png) \ No newline at end of file 
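Review bot: The ID Creation paragraph describes GetHash as producing "a 10-character MD5 hash", but the code passes `0, 10` to `BitConverter.ToString`, which formats the first 10 bytes of the digest, i.e. 20 hex characters once the dashes are removed; suggest `takes the first 10 bytes of the MD5 digest and returns them as a 20-character uppercase hex string`. The Password creation section should also state that `new Random()` is `System.Random`, a non-cryptographic PRNG, so the 50-character password is only as unpredictable as its seed — if the sample targets .NET Framework that seed is derived from `Environment.TickCount`, which would shrink the search space enough to recover the password from an approximate infection time; worth noting and confirming against the sample's target framework. The `Math.Max(Interlocked.Decrement(ref length), length + 1)` loop condition looks like a decompiler rendering of `while (length-- > 0)` and could be explained as such to avoid confusing readers. Two smaller points worth a sentence each: the alphabet literal contains `&` twice, slightly skewing the character distribution, and the HWID input includes `Environment.CurrentManagedThreadId`, a runtime value rather than a hardware property, so the ID shown in the note is not guaranteed stable across executions (likely the same for the main thread in practice, but unverified here).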
diff --git a/images/hydracrypt/your-id.png b/images/hydracrypt/your-id.png
new file mode 100644
index 0000000..961d8df
Binary files /dev/null and b/images/hydracrypt/your-id.png differ