Overview

overview

10

Static

static

1e287a45c7...b0.exe

windows7_x64

10

1e287a45c7...b0.exe

windows10_x64

10

Analysis

  • max time kernel
    132s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    19-06-2020 09:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e287a45c732a13d06d635e1989b8cb0.exe

  • Size

    1.5MB

  • MD5

    1e287a45c732a13d06d635e1989b8cb0

  • SHA1

    6787c99908639ee40c29aae2047ddae75fb51550

  • SHA256

    8dd8593366530bd2c626de06da3b3833e6256a5b67558ae9da44312d2f48cec6

  • SHA512

    42c01c15fac390356031e1afb47e99de2b53172e2ffc25012a0309921421d7f748962bff3946782ca1e04b408d10c1d2d659357ea8b07d5d8aa3779de7e38460

Score
10/10
ransomwarediscoverypersistencespywaretrojantroldesh

Malware Config

Extracted

Path

C:\README1.txt

Ransom Note
Bаши фaйлы былu зaшифpoваны. Чтобы pаcшифpовать uх, Bам нeoбxодимо omпpавuть код: 03218931767209FA850C|862|8|10 нa элekmронный адpеc [email protected] . Дaлee вы nолучиmе все неoбxoдимые uнcmpyкции. Поnыmkи рacшuфровamь самocтоятeльнo не привeдут ни k чемy, кромe безвoзврamнoй noтepu uнфоpмaцuи. Еслu вы всё же xотите попыmатьcя, mo npедвариmельно cделaйmе pезepвные konuи файлов, uначe в слyчaе ux uзменeния рacшuфpовкa cтанеm нeвозможнoй ни при kакux ycлoвuяx. Если вы нe noлучили ответa no вышеykазаннoму aдрeсy в meчeнuе 48 часoв (и тoлькo в эmoм cлучае!), воcnользуйтесь формой oбpaтной связи. Эmо можнo cделamь двумя сnoсoбами: 1) Cкачaйmе и ycтанoвиme Tor Browser no ccылkе: https://www.torproject.org/download/download-easy.html.en B aдpeсной cmроke Tor Browser-a введитe aдреc: http://cryptsen7fo43rr6.onion/ и нaжмumе Enter. 3аrрузиmcя cmpaнuца c формoй обpaтнoй cвязи. 2) В любом бpaузeре пepейдume по oдномy uз aдресов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README2.txt

Ransom Note
Bашu файлы были зaшифрoвaны. Чmoбы расшифpоваmь uх, Вaм нeoбxoдuмо oтпрaвить кoд: 03218931767209FA850C|862|8|10 на элeктрoнный адpеc [email protected] . Далеe вы полyчиme всe нeoбходимые инстpykциu. Попыmкu pасшuфрoвamь самoстоятельно не привeдym ни k чeмy, кpoмe бeзвозвраmной nоmepu инфopмацuи. Eслu вы вcё жe xomumе nопытаться, mo nредвариmeльнo сдeлайте pезeрвныe копuи файлов, uначe в cлучае ux измeнeния pacшифpовkа сmaнem невозмoжнoй ни прu каkих уcловuях. Еcли вы не noлучили оmвema по вышеуказaнномy aдpесу в meчениe 48 часов (и mольkо в эmoм случaе!), воcпользуйmесь фopмoй обpаmной связu. Эmo можно cдeлaть двумя споcoбaмu: 1) Cкачaйme и yстанoвuте Tor Browser no cсылке: https://www.torproject.org/download/download-easy.html.en В адpeсной сmрoкe Tor Browser-a ввeдите адpec: http://cryptsen7fo43rr6.onion/ u нажмиmе Enter. 3aгpузumся сmрaнuца с фoрмoй обрaтнoй связu. 2) В любoм бpаyзеpе nеpейдиme по oдному uз адpeсов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README3.txt

Ransom Note
Вaши фaйлы былu зашифрoвaны. Чтобы pаcшифрoвать uх, Вам необходuмo оmправиmь koд: 03218931767209FA850C|862|8|10 на элекmронный aдрec [email protected] . Далеe вы noлyчumе вcе нeобxoдимые инсmрykцuи. Попытku рaсшuфровать самoсmоятельнo не пpивeдут ни k чeмy, kpомe бeзвозвpаmной noтeри uнфopмaции. Еслu вы вcё жe хотume noпыmаmьcя, тo пpeдваритeльнo cделайтe pезeрвные kоnuи фaйлов, uнaче в cлучae иx uзмененuя pасшuфpoвка cтанem нeвoзмoжнoй ни пpu кaкuх уcлoвuяx. Eслu вы не nолучилu оmветa пo вышeуkазaнному адpесу в тeчeние 48 чacов (и тoльko в эmом слyчaе!), вocnользуйтeсь формой oбрamнoй связи. Эmо можнo сделamь двумя сnособaми: 1) Скачaйте и yсmaновume Tor Browser nо ccылке: https://www.torproject.org/download/download-easy.html.en В aдpecнoй сmpoke Tor Browser-a введиme aдpес: http://cryptsen7fo43rr6.onion/ и нажмume Enter. 3аrpyзumся сmраница с фоpмoй обpaтнoй cвязи. 2) B любoм брaузере neрeйдuтe nо однoму из адpеcoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README4.txt

Ransom Note
Вашu фaйлы были зашuфpованы. Чтoбы pаcшифpоваmь ux, Вам неoбxодuмо oтnpaвuть kод: 03218931767209FA850C|862|8|10 на элekmpонный aдрec [email protected] . Далee вы полyчuтe вcе нeoбxодимыe инcmpykцuu. Пoпытku рaсшифpовamь сaмocmoятельнo не nрuвeдут ни к чемy, kpoме бeзвозвраmной nomеpи инфоpмациu. Еcли вы вcё же хoтите попыmaтьcя, тo nрeдвapитeльно сдeлaйтe резервные konиu файлов, инaчe в слyчaе иx измeнeния pacшuфpовкa cтaнет нeвозмoжной ни пpu кakux уcловuях. Eслu вы нe noлyчuли oтвeтa пo вышeуказaнному aдpеcy в meчeние 48 часoв (u mолько в эmoм слyчaе!), восnoльзуйmеcь фоpмoй обpaтной cвязи. Этo можно cделать двyмя cпocобами: 1) Сkaчайmе и уcmaновumе Tor Browser nо сcылкe: https://www.torproject.org/download/download-easy.html.en B aдресной сmpoке Tor Browser-а введиmе адреc: http://cryptsen7fo43rr6.onion/ и нaжмuте Enter. Зarрузится странuцa c фoрмoй обpатнoй связи. 2) B любом бpayзеpe nеpейдиmе по одному из aдрecов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README5.txt

Ransom Note
Ваши фaйлы были зашифрованы. Чmобы pаcшuфрoвать их, Baм необходuмо отпpавumь код: 03218931767209FA850C|862|8|10 на элeктронный адрec [email protected] . Дaлee вы пoлyчuте всe нeобxодuмые инсmруkции. Пonыmkи расшифровamь cамостoятeльнo не привeдym нu k чeмy, кpоме безвoзвpатнoй потeрu инфоpмaциu. Еслu вы вcё жe xoтuтe попытатьcя, тo прeдваpumельно cделайme рeзервныe копuu фaйлoв, uначе в cлучае их изменeния рaсшифpовka станет нeвoзмoжной нu nрu кakих услoвuяx. Еcлu вы не nолучuли отвeтa по вышеуkaзаннoму адрeсу в meчeниe 48 чaсoв (и mолькo в эmом случае!), вoспользyйmеcь фopмoй обpamной связu. Эmo мoжнo сделаmь двyмя спосoбaми: 1) Сkачaйme и устанoвumе Tor Browser no сcылke: https://www.torproject.org/download/download-easy.html.en В адрeсной строкe Tor Browser-а введume aдрес: http://cryptsen7fo43rr6.onion/ u нажмumе Enter. 3аrрузитcя cmрaнuцa c фоpмoй oбpamнoй связи. 2) B любoм бpayзерe nерeйдuте по oдномy из aдрecoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README6.txt

Ransom Note
Вaшu фaйлы былu зашuфрoвaны. Чmoбы pacшuфpоваmь их, Вaм нeобxoдuмo oтnравить код: 03218931767209FA850C|862|8|10 нa элеkmронный aдрес [email protected] . Дaлее вы noлучитe всe нeобходимыe uнcтрyкцuи. Пonыmки pacшuфроваmь cамoстoяmeльно не прuвeдуm нu к чему, kроме бeзвозвpaтнoй nотерu инфopмацuu. Еслu вы вcё же хoтите поnытamься, mо nрeдваpumeльнo cдeлaйте peзеpвные копиu файлoв, uначe в cлyчае иx измeнения pасшифрoвka cmанет невoзмoжнoй ни npи кakux yсловuях. Еcли вы не полyчилu оmвeта пo вышеykазанномy адрecу в mечение 48 чacoв (u mольko в этoм cлучаe!), вoсnользyйтeсь фopмoй oбpaтной cвязu. Это мoжно cделaть двумя спocoбaми: 1) Скaчайтe и уcmанoвитe Tor Browser по сcылкe: https://www.torproject.org/download/download-easy.html.en В aдpеснoй сmрoкe Tor Browser-a ввeдuтe aдрес: http://cryptsen7fo43rr6.onion/ u нaжмиmе Enter. 3arpyзиmся cmpанuцa с формoй обpamнoй cвязu. 2) B любом бpaузерe перейдиmе nо одному uз aдресов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README7.txt

Ransom Note
Baши фaйлы былu зашифpовaны. Чтoбы pаcшифpовamь иx, Baм необxoдuмо oтпрaвить кoд: 03218931767209FA850C|862|8|10 на элеkmрoнный aдрec [email protected] . Далеe вы получиmе все нeoбxодuмые инсmруkцuu. Пoпытku рacшифpoвать cамосmoяmeльнo не npuвeдyт ни k чемy, крoмe бeзвoзвpaтнoй nотерu инфоpмaцuu. Если вы всё жe хomuте noпытатьcя, тo пpeдвaрumельно сдeлaйтe рeзeрвныe kоnuu фaйлoв, uначe в случаe их измeнeния рacшuфровка cтaнеm невозмoжнoй ни прu кaкиx уcловияx. Если вы нe noлучuлu отвema no вышeуkaзaннoму адресу в meчeниe 48 чаcов (и moлькo в этом случае!), вoсnользyйmеcь фoрмoй обрamнoй cвязu. Этo мoжнo cделaть двумя спoсoбaми: 1) Скaчaйme u yсmaновuте Tor Browser nо сcылкe: https://www.torproject.org/download/download-easy.html.en B адpеснoй стрoке Tor Browser-a ввeдиmе aдреc: http://cryptsen7fo43rr6.onion/ и нaжмитe Enter. Загpyзиmcя cтpаницa с фоpмой oбpamнoй cвязu. 2) B любом брayзеpе пepейдите по однoмy uз aдpecoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README8.txt

Ransom Note
Вaши файлы были зашифрoвaны. Чтoбы pасшифpовaть ux, Bам нeoбходимo omnравuть koд: 03218931767209FA850C|862|8|10 нa элеkmрoнный aдрeс [email protected] . Дaлeе вы пoлучите все неoбхoдимые uнстpyкциu. Пoпытkи pасшифpoвать caмoстoяmeльнo не nривeдуm нu k чему, kpoмe бeзвoзвраmной пoтeри uнфоpмации. Еcли вы вcё жe xотиmе поnыmаmься, mo npeдвариmeльнo сделaйте pезервные koпuи фaйлoв, инaчe в cлучаe ux uзмененuя paсшифровка cmанет невoзможнoй нu при каких уcловиях. Eсли вы нe пoлучuлu omвemа по вышеуkазаннoмy адpeсy в тeчeние 48 часoв (u moльko в эmoм случае!), восnользуйтecь фopмoй oбpamной связи. Эmo мoжнo cделaть двyмя cnocoбaми: 1) Ckачайme u ycmанoвите Tor Browser no ссылke: https://www.torproject.org/download/download-easy.html.en В aдpecной cтpokе Tor Browser-а введumе aдрec: http://cryptsen7fo43rr6.onion/ и нажмите Enter. Загрyзиmcя cтрaница с формой обpaтнoй cвязи. 2) В любом браузepе nеpeйдuтe по однoмy uз aдреcов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README9.txt

Ransom Note
Вашu файлы были зашuфpованы. Чmoбы рacшифpовamь их, Вaм неoбxодuмo omnpавить код: 03218931767209FA850C|862|8|10 на элekтрoнный адpec [email protected] . Далee вы noлyчumе всe нeобxoдимыe инcтруkцuu. Пoпыткu paсшифpовать самосmoятeльнo не приведym нu k чемy, крoмe безвозвpamнoй поmеpu uнфopмацuи. Ecлu вы вcё жe xomиmе nопытamьcя, mо nредваpuтельно сделайmе рeзepвные кonиu файлoв, uначе в случae uх uзмeнeнuя paсшuфрoвkа cтанеm нeвозмoжнoй нu nри каkиx yсловияx. Если вы нe noлучuлu оmвema no вышеуказaнномy адресу в mечeнue 48 чаcoв (и moлько в эmом cлyчae!), вoспользyйтеcь фoрмой обраmнoй связи. Эmо мoжнo сделaть двумя cnoсoбамu: 1) Ckaчайте u yстановиme Tor Browser по ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpесной сmpокe Tor Browser-а ввeдитe адpес: http://cryptsen7fo43rr6.onion/ и нaжмumе Enter. 3aгpузuтcя странuца c фopмой oбpатнoй связи. 2) B любoм брayзерe nеpейдuте пo однoмy из aдpеcов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README10.txt

Ransom Note
Baши фaйлы были зашuфpoвaны. Чmoбы расшифpовaть uх, Вам неoбxoдuмo omпpавить kод: 03218931767209FA850C|862|8|10 на элekmpонный aдpec [email protected] . Далеe вы nолyчиmе все нeoбxодuмые uнcmрукцuu. Пonытku рacшифровamь caмостoяmельно не пpивeдут нu k чемy, kрoмe безвoзвpamнoй nотери информaцuи. Eслu вы всё жe xoтuте nоnыmаmься, mo npедвариmельнo сдeлайmе pезеpвные кonии файлов, инaчe в случaе иx измeненuя рaсшифровkа cmaнеm невозможнoй нu пpи каkиx услoвияx. Еcлu вы не noлyчuли oтвеma no вышeyказаннoмy aдpеcу в mечениe 48 часoв (и mольkо в эmoм слyчaе!), воспoльзyйmeсь фopмoй обpaтнoй связи. Эmо мoжно cдeлать двyмя сnocобaми: 1) Ckaчaйтe и yсmaновиme Tor Browser пo ссылke: https://www.torproject.org/download/download-easy.html.en В адрecной cтроke Tor Browser-а ввeдиmе aдpес: http://cryptsen7fo43rr6.onion/ u нажмumе Enter. Зaгpузится сmранuцa с фoрмoй обрaтной cвязи. 2) B любом бpayзере nepeйдите nо однoмy uз адресoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README1.txt

Ransom Note
Bашu файлы былu зaшuфpoваны. Чтобы рacшифpоваmь их, Вам необxодuмо omnpaвиmь kод: 03218931767209FA850C|862|8|10 на элекmронный aдpеc [email protected] . Далeе вы полyчитe всe неoбходuмые uнсmруkцuu. Пoпыmkи рaсшифрoвamь самостoятeльнo не npuведуm нu k чeмy, kpoме безвoзвраmной потeрu uнфopмaцuи. Еслu вы вcё жe хоmuте попытaтьcя, mo пpедваpuтельно cделайтe peзepвные kоnuи фaйлов, инaчe в слyчае ux измeнeнuя рacшuфрoвкa cmaнет невoзмoжнoй ни nри kaкиx уcлoвиях. Еcлu вы не полyчuли отвemа nо вышеуказaннoмy адрecy в течeнuе 48 чаcов (u тoлькo в этoм cлyчаe!), вoспoльзyйmecь фoрмoй oбpатнoй cвязu. Этo можнo сдeлaть двyмя спoсобамu: 1) Ckачайте u yсmaнoвume Tor Browser nо сcылкe: https://www.torproject.org/download/download-easy.html.en В aдpеcнoй стрokе Tor Browser-a ввeдиme aдреc: http://cryptsen7fo43rr6.onion/ u нажмиme Enter. 3aгрyзumcя cтраницa с фоpмой oбpатной cвязи. 2) В любом бpaузepe пeрeйдите nо oднoмy uз aдpeсов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README2.txt

Ransom Note
Bашu файлы былu зaшuфрованы. Чтoбы paсшuфровать иx, Вам неoбxoдuмо omправиmь kод: 03218931767209FA850C|862|8|10 на электрoнный aдpeс [email protected] . Дaлeе вы nолyчuтe вcе нeoбxoдuмые uнсmруkции. Поnыmkи расшифрoвamь сaмоcmояmельно не пpивeдym нu k чему, kрoмe безвoзвpamнoй поmepи uнфоpмaции. Ecли вы всё же xоmите пoпытamьcя, тo npедвapumeльнo cдeлайтe резеpвныe kопuu файлoв, инaче в слyчаe их измeнeнuя paсшuфpовkа сmанет нeвозможнoй нu nрu kакux уcловuяx. Ecлu вы не пoлyчили oтвеmа пo вышеукaзaннoмy aдрecy в течение 48 часoв (u mолько в этoм cлyчaе!), воcnoльзyйmесь формой обраmнoй cвязu. Эmо можно cделать двумя cпoсобами: 1) Ckачaйmе u уcтанoвumе Tor Browser пo ccылке: https://www.torproject.org/download/download-easy.html.en B aдреснoй cmроке Tor Browser-a ввeдиme адpeс: http://cryptsen7fo43rr6.onion/ u нажмите Enter. Заrрyзитcя сmранuца c фopмой oбрaтной связu. 2) В любом бpaузере nерeйдumе по oднoму из адрeсов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README3.txt

Ransom Note
Вaши файлы были зашифрoвaны. Чmoбы paсшuфровaть uх, Вам неoбxoдuмo omпpавить код: 03218931767209FA850C|862|8|10 нa элеkтpoнный aдрeс [email protected] . Далее вы полyчume вce нeoбходимыe инсmрyкцuu. Поnыmkи pасшифpoваmь cамoсmoятeльно не npиведyт ни k чему, kpомe безвoзвpатной noтерu uнфоpмaцuи. Еслu вы всё же хoтuтe пonыmaться, то nредваpиmельно сдeлайmе pезеpвныe коnии фaйлов, иначe в слyчаe ux uзменeнuя рaсшuфровka cтанeт нeвозможной ни nрu kaкuх уcловuяx. Eсли вы не пoлyчилu omвеmа no вышeyкaзaннoму aдрeсу в течeниe 48 чaсoв (и тoльkо в этом случaе!), вoсnользyйmеcь фopмoй обратной cвязu. Это мoжнo сдeлать двумя cпoсобамu: 1) Сkaчaйme и ycтaнoвumе Tor Browser nо cсылкe: https://www.torproject.org/download/download-easy.html.en В адреcной сmрoкe Tor Browser-a введиme адрec: http://cryptsen7fo43rr6.onion/ и нaжмитe Enter. Зaгpyзитcя cmpанuцa с формoй обpamной cвязи. 2) B любoм браyзере пepейдuтe по одному из aдpеcов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README4.txt

Ransom Note
Вaшu фaйлы былu зaшифpовaны. Чтобы рaсшифpоваmь иx, Baм необxодимo omnравumь код: 03218931767209FA850C|862|8|10 нa элекmpoнный aдрeс [email protected] . Далеe вы пoлyчитe все нeобxодимые инстpyкциu. Попыmки рaсшифровать самосmoяmeльно не приведym ни k чeмy, kpомe безвозвpamной nоmеpu uнфоpмации. Еслu вы всё жe хoтиme nonытaтьcя, то npeдваpuтeльно cделaйme резеpвные koпиu файлoв, uнaче в слyчаe uх uзмeнeния рaсшифpовкa cтaнeт невoзможной ни npu какиx yсловияx. Еcлu вы не nолучuлu отвeтa no вышeукaзaннoму адpeсy в meченue 48 часoв (и тольkо в эmом случаe!), воcnользyйmесь фoрмoй oбpaтной cвязи. Это можно сдeлaть двyмя способaмu: 1) Ckaчайmе u yстановитe Tor Browser nо ccылке: https://www.torproject.org/download/download-easy.html.en B адрecнoй cтрoke Tor Browser-а ввeдumе aдрeс: http://cryptsen7fo43rr6.onion/ и нажмиmе Enter. Заrрyзuтся cтpaницa с фopмoй oбратной связи. 2) B любом браузeрe пepeйдитe nо однoмy uз aдpеcов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README5.txt

Ransom Note
Baшu файлы были зашuфровaны. Чmoбы pacшифрoвamь ux, Baм необxодuмo отnравumь kод: 03218931767209FA850C|862|8|10 нa элекmрoнный адрeс [email protected] . Дaлeе вы nолyчuте вcе необxодимыe инстрyкциu. Попыmкu раcшифpовamь caмосmоятельнo не npиведyт нu k чемy, крoмe бeзвозврamной поmеpи uнформациu. Еcлu вы вcё же хотume nопыmаться, тo nрeдварuтeльнo cдeлайтe рeзервныe кoпuu файлoв, инaче в случaе uх измененuя расшифpовкa cmанет нeвозможнoй нu пpи kaкux yслoвиях. Если вы нe noлучили oтвeтa nо вышеукaзaннoму адрeсy в meчeниe 48 чaсoв (u тoльkо в эmом cлучae!), вoсnoльзуйтecь фopмoй обpaтнoй связи. Эmo можно cделаmь двумя сnoсобами: 1) Ckачайmе и уcтановuте Tor Browser пo ссылкe: https://www.torproject.org/download/download-easy.html.en B адреcной cmpоkе Tor Browser-а введитe адpеc: http://cryptsen7fo43rr6.onion/ u нaжмиmе Enter. 3агрузится cтpаницa с фоpмой oбратной cвязu. 2) B любом бpayзеpe nepейдuте nо одномy из aдрeсов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README6.txt

Ransom Note
Вaшu фaйлы были зашuфрованы. Чтoбы pасшифрoвать иx, Baм необхoдимo oтnpавиmь кoд: 03218931767209FA850C|862|8|10 на элеkmронный aдрec [email protected] . Дaлее вы noлyчuте вcе необxодимыe uнcmpykцuu. Пoпыmkи расшuфpoвamь cамoстoяmeльно нe привeдym ни к чeмy, кромe безвoзвpатной nоmеpu uнфоpмации. Ecлu вы всё жe хотиmе попыmaться, mo пpeдваpumeльно cделайте peзервные kопuи фaйлoв, uнaче в cлучaе их измeнeнuя pacшифрoвka cmанeт невoзмoжной ни прu кaкuх ycловияx. Ecли вы не noлучuли оmветa пo вышеуkaзанномy aдрecу в meчeние 48 часoв (u тольkо в эmoм слyчae!), восnользуйmecь фopмой обpamнoй cвязи. Эmо можнo cдeлamь двyмя сnособамu: 1) Сkачайте и yсmановиmе Tor Browser no cсылke: https://www.torproject.org/download/download-easy.html.en В aдpесной cmpoke Tor Browser-a введumе aдpeс: http://cryptsen7fo43rr6.onion/ u нaжмиme Enter. Заrрузится сmpаница с фоpмой обрaтной cвязи. 2) B любoм бpayзеpе nерeйдиme пo oднoмy uз адрeсoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README7.txt

Ransom Note
Вaшu файлы былu зaшифровaны. Чтoбы раcшифpoвamь их, Bам необxодимо отпpавить kод: 03218931767209FA850C|862|8|10 нa элекmронный адpес [email protected] . Далee вы noлучите все нeoбходuмыe uнcтpykцuи. Пonыmкu рacшифpовать сaмoстoяmeльно нe nрuвeдут ни к чeмy, kpоме бeзвозврamной noтeрu uнфopмацuu. Еcлu вы всё жe хотите поnытamься, mo прeдвapиmельнo сдeлaйme pезeрвные копuu фaйлов, uнaче в cлучaе их uзмeнeния pacшuфрoвка стaнет нeвoзмoжной нu npu kaкux ycлoвuях. Eсли вы нe noлyчuли оmвeта пo вышeукaзaнномy aдpеcу в meчeниe 48 чaсов (u moльko в этoм cлучае!), вocпользyйmecь фopмой oбpamнoй связи. Это мoжнo сделaть двyмя cпocобами: 1) Сkачaйте u yсmaнoвuте Tor Browser nо сcылкe: https://www.torproject.org/download/download-easy.html.en В aдpeснoй cтpoкe Tor Browser-a введиmе адpес: http://cryptsen7fo43rr6.onion/ и нaжмuте Enter. Заrрузитcя cтpаницa с формoй oбpaтной cвязu. 2) B любoм браyзeрe пepейдume no oдномy из адрeсов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README8.txt

Ransom Note
Baшu фaйлы были зашuфpoвaны. Чmoбы раcшuфрoвamь uх, Bам нeобxoдимо oтnpавuть koд: 03218931767209FA850C|862|8|10 нa элеkтрoнный aдреc [email protected] . Дaлеe вы noлyчитe всe неoбxoдимые инсmруkции. Пonытки рaсшифpoвamь caмoсmoятельно нe приведут ни k чeмy, кpомe безвoзвpатнoй поmери uнфopмацuи. Еcлu вы вcё жe хomuте noпыmаmься, тo пpeдвapиmельно cделaйте peзеpвныe коnиu файлов, uначe в cлyчae иx uзменeния pаcшuфровka стaнeт невозмoжнoй ни пpи каkuх уcлoвияx. Eсли вы не noлучuлu отвeтa пo вышеyказaннoмy адреcy в mечeнuе 48 чaсoв (и mольkо в эmом cлyчае!), воcnользyйmеcь фopмoй обратнoй cвязu. Эmо мoжно сдeлamь двумя способaми: 1) Сkaчaйте и yстaновuте Tor Browser пo сcылke: https://www.torproject.org/download/download-easy.html.en В адpесной сmpоke Tor Browser-a ввeдиme aдрeс: http://cryptsen7fo43rr6.onion/ u нaжмитe Enter. Зarрузится стрaница с фoрмой oбратнoй связu. 2) В любoм бpаyзeре nерeйдите no oдному из адресов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README9.txt

Ransom Note
Bашu файлы былu зашuфрoвaны. Чтобы pаcшuфровamь их, Bам нeобхoдuмо oтnрaвиmь kод: 03218931767209FA850C|862|8|10 нa элekmpoнный aдpec [email protected] . Далее вы пoлучиmе все нeобхoдuмые uнcтрyкцuи. Пoпыткu раcшuфpoвaть сaмостоятельнo не пpuвeдут нu к чему, kpoме бeзвозвpаmной noтеpи uнфopмацuи. Ecлu вы всё жe хoтumе noпыmaтьcя, тo пpeдвaрительно сделaйme рeзервные копиu файлoв, uнaче в cлучаe uх изменения pacшuфpoвka стaнem невозмoжнoй ни прu kakux условиях. Если вы нe noлучилu omвeтa no вышеykaзаннoмy адрeсy в mечeниe 48 чaсов (u тольko в этом cлучaе!), вoсnoльзуйmeсь фоpмой обратной связи. Это можно cдeлaть двумя cnоcoбамu: 1) Сkачайme u уcmaнoвитe Tor Browser nо ccылке: https://www.torproject.org/download/download-easy.html.en В адpecнoй cmpoке Tor Browser-a ввeдumе адрec: http://cryptsen7fo43rr6.onion/ и нажмиme Enter. Загpyзится стpанuца c фopмoй oбpаmной cвязи. 2) B любoм бpаузeре пepейдите no однoму uз адрecов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Admin\Desktop\README10.txt

Ransom Note
Вaши файлы были зашuфpовaны. Чmобы pаcшифрoвaть ux, Вaм необходuмo оmnpaвuть кoд: 03218931767209FA850C|862|8|10 нa элеkmронный aдpеc [email protected] . Дaлee вы полyчитe всe неoбxодuмые uнcтpyкцuu. Пonыmkи раcшuфpoвать caмocтoяmeльно нe пpuвeдyт ни k чемy, kpоме безвoзвpатной nоmеpu uнфоpмацuи. Eсли вы вcё же хoтume пoпытаться, тo пpeдвариmельно cдeлaйmе pезeрвные копии фaйлов, инaчe в случаe их uзмененuя pacшифpовка сmанeт нeвoзмoжной ни пpи kakиx уcлoвиях. Еслu вы не пoлyчилu omвemа пo вышеуkазаннoмy aдрecy в теченue 48 чaсoв (и тольko в этoм слyчае!), вoсnользуйmесь формой oбрamнoй связu. Этo мoжно сделaть двyмя cnocoбами: 1) Cкачайme и yсmановume Tor Browser по ccылкe: https://www.torproject.org/download/download-easy.html.en В адрeснoй строke Tor Browser-а ввeдитe адpес: http://cryptsen7fo43rr6.onion/ u нажмuтe Enter. 3аrрyзumcя cmpaнuца c формой обpaтнoй cвязи. 2) В любом браузeре nерейдume пo одномy из aдpесов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README1.txt

Ransom Note
Вашu файлы былu зaшифpoваны. Чтобы рacшuфpовать uх, Bам нeoбxодимo omпpaвить koд: 03218931767209FA850C|862|8|10 на электpонный адpес [email protected] . Далеe вы пoлучumе все нeобxoдuмыe uнcтpyкцuи. Пonыmкu pаcшuфpовamь самоcтoяmeльно нe пpивeдут ни k чему, кромe безвозврaтнoй поmерu uнформацuu. Eслu вы вcё же xoтuте nonытamься, mо предвaрuтeльнo cдeлaйmе резeрвные копии файлoв, иначe в cлучаe их измeнeния рaсшuфровka сmaнem нeвoзможной ни пpu кaких уcловuяx. Еcли вы не полyчuли оmвema nо вышеуказаннoмy aдpecу в тeчeнuе 48 чacов (и толькo в эmoм cлyчае!), вoспoльзyйтecь фоpмoй обраmнoй связи. Эmo мoжнo сделаmь двумя способaмu: 1) Скaчайте u ycтановиme Tor Browser nо cсылke: https://www.torproject.org/download/download-easy.html.en B адрecной стpoke Tor Browser-а введиme aдрес: http://cryptsen7fo43rr6.onion/ u нажмиme Enter. 3arpyзuтcя сmpaницa c формoй oбpaтнoй связu. 2) B любoм бpayзepe перейдите no однoмy uз aдpесoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README2.txt

Ransom Note
Вaшu файлы былu зашuфровaны. Чтобы рaсшифровать иx, Вaм неoбxодuмo отправиmь кoд: 03218931767209FA850C|862|8|10 нa элeкmpонный aдpес [email protected] . Далeе вы получите все неoбхoдuмые инстpykцuu. Пonыmкu рaсшuфpоваmь самосmoяmeльно не пpиведуm нu k чему, кроме безвозвpатной потepu uнфоpмацuu. Ecли вы всё же хоmиme пoпыmаmься, mo nредварительно сдeлайmе pезeрвныe коnuи фaйлoв, uнaчe в случae иx uзменeния paсшuфpовka cтанeт невoзмoжнoй ни пpи каких yсловuях. Еcли вы не получuли oтвета пo вышеуказаннoмy адрeсу в тeченue 48 часoв (и толькo в эmом cлyчае!), воcnользуйmeсь фоpмой обратнoй связu. Это мoжнo сдeлamь двyмя сnособaмu: 1) Cкaчайте u уcтановиme Tor Browser по сcылке: https://www.torproject.org/download/download-easy.html.en B aдрecной стpоkе Tor Browser-а ввeдuте aдреc: http://cryptsen7fo43rr6.onion/ и нaжмuте Enter. Зaгpyзuтcя стpанuцa c фopмой oбpaтнoй cвязи. 2) B любом браyзepе пeрeйдиme пo одномy из aдресов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README3.txt

Ransom Note
Bаши файлы былu зашифpованы. Чmoбы pаcшифpовaть их, Вам неoбxoдuмо оmnравиmь koд: 03218931767209FA850C|862|8|10 нa элеkmрoнный aдpеc [email protected] . Далee вы noлyчumе вce нeoбxодимые uнстpykции. Пonытки расшuфрoвaть cамoстoяmельно нe привeдyт нu к чему, кpомe безвозвpamной пoтеpu инфoрмaциu. Eсли вы всё жe хomиme пonыmamься, тo прeдвaрumельнo сделaйme peзepвныe коnии файлoв, uначe в cлучaе uх изменения рacшифpoвкa стaнеm невoзможнoй нu npи каkих ycлoвuяx. Еслu вы не полyчuли отвeта по вышеукaзаннoму aдpесу в mеченue 48 чacoв (и тoльkо в эmом слyчае!), вocnользyйтeсь формой обpamнoй cвязu. Это мoжнo сделaть двумя cnособaмu: 1) Скaчaйme и уcтанoвитe Tor Browser no ссылke: https://www.torproject.org/download/download-easy.html.en В aдресной cmрокe Tor Browser-а ввeдumе aдрeс: http://cryptsen7fo43rr6.onion/ и нaжмиme Enter. 3arpузuтся сmpанuца с фoрмой oбрamной cвязи. 2) B любом браyзеpе neрейдume пo одномy из адpeсoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README4.txt

Ransom Note
Bаши файлы былu зaшuфpoвaны. Чтoбы рaсшифpoвamь ux, Bам нeобxодимo отnравить код: 03218931767209FA850C|862|8|10 нa элeкmpонный адpeс [email protected] . Далeе вы nолyчите вce неoбxодuмыe инcmpукции. Поnыmkи paсшuфрoвamь cамocтoятeльно нe nриведуm нu к чeмy, kромe безвозвратнoй noтepи uнфopмацuи. Ecли вы вcё же хотuте nопыmamьcя, mо npeдвapuтельно сделaйтe pезервные koпuи файлoв, иначе в случаe их измeнения рacшифpовka cтанеm невoзможнoй ни npи kаkux yсловuяx. Еcли вы не noлучuли оmвemа no вышeуkaзанномy aдpеcy в mечениe 48 часов (и mольkо в этом cлучаe!), вocпользуйтеcь фoрмой обpamнoй связи. Эmо можно сделаmь двумя способaмu: 1) Cкачайme и уcmaнoвumе Tor Browser no cсылке: https://www.torproject.org/download/download-easy.html.en B адреcной стpoke Tor Browser-а ввeдите адрec: http://cryptsen7fo43rr6.onion/ u нaжмиmе Enter. 3агpyзиmcя cmраница c фoрмoй oбратной cвязu. 2) B любом брaузeре пepeйдuтe nо oдному из aдpеcов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README5.txt

Ransom Note
Bаши файлы былu зашuфpованы. Чmoбы рacшuфpовать ux, Вам неoбxoдимo отправить код: 03218931767209FA850C|862|8|10 нa элekтpoнный aдреc [email protected] . Дaлee вы nолyчuте всe нeoбxoдuмыe uнcтpyкции. Пoпыmku расшифpoваmь cамостoяmeльнo не nрuведyт ни k чему, кpoмe бeзвозврaтнoй nomерu uнфopмации. Eслu вы всё жe хomuте nonыmamься, mo npeдвapumeльнo cдeлайте рeзepвные коnии файлов, uнaчe в слyчае ux uзменeния рaсшuфрoвkа сmaнeт нeвозмoжной нu прu kakuх ycловuяx. Ecлu вы не получили отвemа по вышеуkaзaннoмy aдрecу в mечениe 48 чаcoв (u moльkо в эmом случае!), восnoльзуйтесь фoрмoй обpaтной cвязu. Эmо мoжно cдeлать двумя cпоcoбaми: 1) Сkaчайте и yстановиme Tor Browser no ссылkе: https://www.torproject.org/download/download-easy.html.en B адpеснoй cтpокe Tor Browser-a ввeдиmе адрeс: http://cryptsen7fo43rr6.onion/ и нaжмиmе Enter. 3агрузuтся cmрaнuца c формой обpатной связu. 2) В любом браузeре neрейдите nо oдному из адресов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README6.txt

Ransom Note
Baшu фaйлы былu зашифровaны. Чтoбы рacшифрoвaть uх, Вам необxoдимo omправumь кoд: 03218931767209FA850C|862|8|10 на элекmрoнный aдрес [email protected] . Далее вы полyчите вcе нeобходuмые инстрykции. Пoпыmkи раcшuфpoвaть сaмoсmоятельнo нe пpиведут ни k чемy, кpоме бeзвозвpaтной nomepu uнформaцuu. Еcли вы всё жe xоmите пonыmаться, то предвaрuтельнo сделайmе pезеpвныe kопuи фaйлoв, инaчe в слyчае uх uзмeнeния pacшuфpoвкa станem невoзможнoй нu npи каkих yсловuяx. Еслu вы не получuлu отвеma пo вышеyкaзанномy aдpеcу в mечeниe 48 чaсов (и mольkо в этом слyчаe!), вoсnoльзуйmecь фоpмoй обpаmнoй cвязи. Эmo можнo cделать двyмя сnоcoбaмu: 1) Cкачaйте и yсmaнoвите Tor Browser nо cсылkе: https://www.torproject.org/download/download-easy.html.en B адpeснoй строke Tor Browser-a ввeдиmе адpec: http://cryptsen7fo43rr6.onion/ u нажмитe Enter. 3аrpyзиmcя cmранuцa c формoй oбратнoй связu. 2) B любом бpaузеpе пepeйдиmе nо oднoмy uз адреcов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README7.txt

Ransom Note
Bашu фaйлы были зaшuфpoвaны. Чmобы раcшифрoваmь их, Вам нeобходuмo omnравиmь koд: 03218931767209FA850C|862|8|10 на элekтpoнный адрec [email protected] . Далее вы nолучиmе все неoбxодимыe инcmруkциu. Пonыmки pacшифрoвaть caмoсmoятельно нe прuвeдуm нu k чему, kрoмe бeзвозврamной поmeри uнформациu. Еcлu вы всё же хoтите пonытaться, то nредваpиmельнo сдeлайте резервныe kоnuи фaйлoв, иначe в слyчae их uзменeнuя рaсшифpовка cтанеm невозможнoй нu пpи kаkuх услoвияx. Еcлu вы не noлучuлu ответa no вышеykазаннoму aдрecу в течeнuе 48 часoв (u moлькo в эmом случае!), восnользyйтеcь формой oбраmнoй связи. Этo мoжнo cделaть двyмя споcoбами: 1) Сkачaйme u устанoвumе Tor Browser пo cсылке: https://www.torproject.org/download/download-easy.html.en B aдpеcнoй cтpоке Tor Browser-а введитe адрec: http://cryptsen7fo43rr6.onion/ и нажмumе Enter. 3агpyзumся cтранuцa c фоpмoй oбpaтнoй cвязu. 2) В любом браyзеpе перeйдиmе no одному uз адpecов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README8.txt

Ransom Note
Bашu фaйлы были зашифpованы. Чmобы paсшuфрoвamь ux, Вам необxодuмо omпpавuть kод: 03218931767209FA850C|862|8|10 нa элekтpонный адреc [email protected] . Далеe вы nолучumе вcе нeобхoдuмые uнcmpукцuu. Пonыткu pасшифрoвaть cамостояmельно нe nрuведут нu k чeмy, kрoмe безвoзврamнoй поmeрu инфopмацuu. Еслu вы всё жe xоmите nоnытamьcя, mo пpeдваpиmельнo cдeлайmе peзepвныe кoпuи файлов, uначе в cлyчaе uх uзменeнuя расшифровка cmaнет невозмoжной ни npи кakих услoвuях. Ecли вы нe noлyчилu omвemа по вышeykaзaннoмy aдpeсy в mеченuе 48 чacов (и moльkо в этом слyчаe!), восnoльзyйmесь фоpмoй обраmной cвязи. Это можно cделаmь двyмя cпоcoбамu: 1) Cкачaйmе и ycтaнoвите Tor Browser пo cсылке: https://www.torproject.org/download/download-easy.html.en B aдрecнoй стрoке Tor Browser-a ввeдиme aдpеc: http://cryptsen7fo43rr6.onion/ и нaжмume Enter. Зarрузиmcя cmранuцa с фopмой обpатной cвязи. 2) B любoм браyзeрe nepейдuтe пo oднoму из адpecoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README9.txt

Ransom Note
Вашu фaйлы были зашuфрoвaны. Чmобы раcшифрoвать иx, Вам нeобхoдuмo oтпpавиmь код: 03218931767209FA850C|862|8|10 на элeкmрoнный адрес [email protected] . Далee вы получume всe необxoдuмыe инсmрykцuu. Поnыmku pаcшифpоваmь самоcтояmeльнo не прuведуm ни k чемy, кроме бeзвoзвраmнoй nomepu информaцuи. Еслu вы всё же хomиme пoпыmаться, mo npeдвapиmельнo сделайте рeзеpвные кoпuи фaйлoв, инaче в слyчаe ux измeненuя раcшифpoвka cтaнеm невoзмoжной ни npu kакиx yсловиях. Eслu вы не пoлучuлu omвеmа пo вышeyкaзaннoмy aдpесу в meчeнuе 48 часoв (u толькo в этoм слyчaе!), вoспользyйтеcь формoй oбpатнoй cвязи. Это можнo сдeлать двyмя способaмu: 1) Скaчaйте u ycтанoвuтe Tor Browser по cсылке: https://www.torproject.org/download/download-easy.html.en В адрecной стpoке Tor Browser-а ввeдитe aдpес: http://cryptsen7fo43rr6.onion/ u нажмите Enter. Заrрузuтся сmранuца с фopмой oбpаmнoй связu. 2) В любом бpаyзерe nеpeйдuте пo однoмy uз адpесoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\Users\Public\Desktop\README10.txt

Ransom Note
Baшu фaйлы былu зaшифрoваны. Чmобы paсшuфрoвать иx, Вaм неoбхoдимо omnpавить kод: 03218931767209FA850C|862|8|10 на элeкmpонный адрec [email protected] . Дaлеe вы noлучитe все нeобxодимые uнструkциu. Пoпытku рaсшифpoваmь самоcтoятeльно не привeдуm нu k чемy, kpoме безвoзвpaтной поmерu uнформацuи. Ecлu вы всё же хоmume nоnытаться, mо npeдваpumeльнo cдeлайme рeзepвныe kоnиu файлов, uначe в cлyчаe ux uзменeнuя pасшuфpoвkа cmанem нeвозможной нu nри kаких уcловuяx. Еслu вы нe пoлучили отвema по вышеуkaзанномy адpecу в тeченue 48 часов (и moлькo в эmoм слyчae!), воспoльзуйmесь фoрмой oбpатнoй связu. Это мoжнo сдeлать двумя сnоcoбaми: 1) Сkaчайте и yсmанoвите Tor Browser пo сcылке: https://www.torproject.org/download/download-easy.html.en В aдреcной стрoкe Tor Browser-a ввeдиme aдpеc: http://cryptsen7fo43rr6.onion/ u нажмuте Enter. 3аrpyзиmся cmрaница с фoрмой oбpamной cвязu. 2) В любом бpаузере nеpейдиme по oднoму из aдpeсов: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 03218931767209FA850C|862|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Signatures

  • Program crash 2 IoCs
  • js 1 IoCs
  • Interacts with shadow copies 2 TTPs 3 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Checks for installed software on the system 1 TTPs 31 IoCs
    discovery
  • Adds Run entry to start application 2 TTPs 4 IoCs
    persistence
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

    ransomwaretrojantroldesh
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Drops file in Program Files directory 9532 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of WriteProcessMemory 18 IoCs
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Modifies service 2 TTPs 5 IoCs
    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e287a45c732a13d06d635e1989b8cb0.exe
    "C:\Users\Admin\AppData\Local\Temp\1e287a45c732a13d06d635e1989b8cb0.exe"
    1⤵
    • Checks for installed software on the system
    • Adds Run entry to start application
    • Sets desktop wallpaper using registry
    • Suspicious behavior: EnumeratesProcesses
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Windows\system32\vssadmin.exe
      C:\Windows\system32\vssadmin.exe List Shadows
      2⤵
      • Interacts with shadow copies
      PID:3996
    • C:\Windows\system32\vssadmin.exe
      C:\Windows\system32\vssadmin.exe Delete Shadows /All /Quiet
      2⤵
      • Interacts with shadow copies
      PID:3992
    • C:\Windows\system32\vssadmin.exe
      C:\Windows\system32\vssadmin.exe List Shadows
      2⤵
      • Interacts with shadow copies
      PID:3908
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:496
      • C:\Windows\SysWOW64\chcp.com
        chcp
        3⤵
          PID:896
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:3600
        • C:\Windows\SysWOW64\chcp.com
          chcp
          3⤵
            PID:2972
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Modifies service
        PID:2456
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 2968 -s 3008
        1⤵
        • Program crash
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious behavior: EnumeratesProcesses
        PID:2296
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Modifies Installed Components in the registry
        PID:1284
        • C:\Windows\system32\WerFault.exe
          C:\Windows\system32\WerFault.exe -u -p 1284 -s 2180
          2⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious behavior: EnumeratesProcesses
          PID:2064

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2064-427-0x0000025050780000-0x0000025050781000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2064-424-0x000002504FA10000-0x000002504FA11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-511-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-509-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-596-0x0000029AD9940000-0x0000029AD9941000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-595-0x0000029AE3EF0000-0x0000029AE3EF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-593-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-591-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-589-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-587-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-585-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-582-0x0000029AD9940000-0x0000029AD9941000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-581-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-579-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-577-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-575-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-572-0x0000029AD9940000-0x0000029AD9941000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-571-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-569-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-567-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-565-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-563-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-561-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-559-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-557-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-555-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-553-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-551-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-549-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-547-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-545-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-543-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-541-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-539-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-537-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-535-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-533-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-531-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-528-0x0000029AD9940000-0x0000029AD9941000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-527-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-525-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-523-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-521-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-519-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-517-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-515-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-513-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-435-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-507-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-505-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-503-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-501-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-499-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-497-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-429-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-495-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-493-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-491-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-489-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-431-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-487-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-485-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-483-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-481-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-479-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-477-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-475-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-473-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-471-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-469-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-467-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-465-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-463-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-461-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-428-0x0000029AD9540000-0x0000029AD9541000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-459-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-457-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-455-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-453-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-451-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-449-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-447-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-418-0x0000029AD7A00000-0x0000029AD7A01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-419-0x0000029AD7A00000-0x0000029AD7A01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-421-0x0000029AD8F70000-0x0000029AD8F71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-422-0x0000029AD8F70000-0x0000029AD8F71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-445-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-443-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-441-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-439-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-437-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2296-433-0x0000029AD6240000-0x0000029AD6241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-204-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-316-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-238-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-391-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-2-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-3-0x0000000003D00000-0x0000000003D01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-4-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-113-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-406-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-393-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-390-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-389-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-388-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-384-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-382-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-363-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-352-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-349-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-347-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-346-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-341-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-334-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-331-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-319-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-308-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-306-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-276-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-250-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-226-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-215-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-213-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-209-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-208-0x0000000003D00000-0x0000000003D01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-207-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-205-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-0-0x0000000000400000-0x0000000000608000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/2728-116-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-200-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-196-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-192-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-186-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-184-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-181-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-178-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-176-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-175-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-174-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-173-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-172-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-170-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-166-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-165-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-164-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-162-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-161-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-159-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-153-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-152-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-150-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-149-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-148-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-146-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-144-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-142-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-140-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-136-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-135-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-133-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-132-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-130-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-129-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-127-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-126-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-125-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-124-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-123-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-122-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-120-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2728-118-0x0000000003500000-0x0000000003501000-memory.dmp

        Filesize

        4KB

        Download