################################################################################# ############## You became victim of the .T1000 Ransomware-Virus C&C ############# ################################################################################# The harddisks of your computer have been encrypted with an military grade encryption algorithm TermCryptS7+RSA4096. There is no way to restore your data without a special key. To get RSA private key you have to contact us via the link below, located in the TOR private network ######################################################## ##HWID YOUR SYSTEM >> {56DD9D47-7BE5-8B82-389B91405260980C} > Required when paying ######################################################################### ##Download the Tor Browser at >>> https://www.torproject.org <<< ##If you need help. please google for "access onion page". ## Uisit one of the following pages with the Tor Browser: ##http://kwk62hefhey3zh4ki332d7uluww5oilm4c6t5tnhb4g5hrf7a2szvlqd.onion/index.php >>> For payment ##Amount to pay Bitcoin Exchangers for exchanging for cryptocurrency: >>> https://www.bestchange.net <<< If you want to decrypt your files, you have to get RSA private key. ## Chat support: > http://kwk62hefhey3zh4ki332d7uluww5oilm4c6t5tnhb4g5hrf7a2szvlqd.onion/chat ## Jabber: > [email protected] FULL ONLINE< ##After the successful payment and decrypting your files, we will give you FULL instructions HOW to IMPROVE your security system. ## If you have any problems with TOR browser, TELEGRAM us: >> @t1000rn << >>>>Do not pay data recovery companies to get the key, they will email me! <<<< We ready to answer all your questions! ## ## HOW to understand that we are NOT scammers? You can ask SUPPORT for the TEST-decryption for ONE file! ##################### ############### LIST OF ENCRYPTED FILES ####################################### ############################################################################### -------------------------------------------------------------------------------- C:\vcredist2010_x64.log.html 88496 C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log 169694 C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log 197550 C:\Users\Default\NTUSER.DAT.LOG 1024 C:\Users\Admin\deployment.properties 1646 C:\Users\Admin\ntuser.dat.LOG1 0 C:\Users\Admin\ntuser.dat.LOG2 0 C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf 0 C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms 0 C:\Users\Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms 0 C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log 171966 C:\Users\Default\NTUSER.DAT.LOG1 189440 C:\Users\Default\NTUSER.DAT.LOG2 0 C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf 65536 C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms 524288 C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms 524288 C:\Recovery\590dd5e2-2d4f-11ec-8202-e2f59334bf81\boot.sdi 3170304 C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log 193102 C:\vcredist2019_x64_001_vcRuntimeMinimum_x64.log 120814 C:\vcredist2019_x64_002_vcRuntimeAdditional_x64.log 131692 C:\Users\Admin\Contacts\Admin.contact 68374 C:\Users\Public\Libraries\RecordedTV.library-ms 876 C:\Users\Admin\Desktop\CompleteCompare.mpg 369180 C:\Users\Admin\Desktop\CompressBlock.zip 843840 C:\Users\Admin\Desktop\ConnectPublish.xls 975690 C:\Users\Admin\Desktop\ConnectRestart.DVR 632880 C:\Users\Admin\Desktop\CopySkip.xsl 421920 C:\Users\Admin\Desktop\DisconnectConfirm.mht 764730 C:\Users\Admin\Desktop\DisconnectSwitch.mpeg3 791100 C:\Users\Admin\Desktop\ExitConfirm.wpl 474660 C:\Users\Admin\Desktop\ExportOpen.ppsx 501030 C:\Users\Admin\Desktop\ExportResume.wps 448290 C:\Users\Admin\Desktop\FindReset.DVR 922950 C:\Users\Admin\Desktop\FormatSuspend.aiff 685620 C:\Users\Admin\Desktop\NewEnable.otf 606510 C:\Users\Admin\Desktop\NewExit.mpe 342810 C:\Users\Admin\Desktop\ReceiveDismount.emz 1344542 C:\Users\Admin\Downloads\BlockSplit.vst 753160 C:\Users\Admin\Desktop\RegisterConnect.png 580140 C:\Users\Admin\Downloads\ClearUpdate.xsl 626312 C:\Users\Admin\Desktop\RestartRemove.M2V 659250 C:\Users\Admin\Downloads\CloseUninstall.wma 388472 C:\Users\Admin\Desktop\RevokeReset.mp4 395550 C:\Users\Admin\Downloads\CompleteUnprotect.mov 467752 C:\Users\Admin\Desktop\SearchUnprotect.html 870210 C:\Users\Admin\Downloads\CompressUnpublish.mp4 309192 C:\Users\Admin\Desktop\ShowClear.pps 553770 C:\Users\Admin\Downloads\CopyUpdate.tmp 848296 C:\Users\Admin\Downloads\DenyStep.wax 325048 C:\Users\Admin\Desktop\SubmitAssert.gif 817470 C:\Users\Admin\Downloads\ExitAssert.rm 864152 C:\Users\Admin\Desktop\SuspendSplit.ppsx 711990 C:\Users\Admin\Downloads\ExpandEnter.zip 451896 C:\Users\Admin\Downloads\ExportCompare.crw 547032 C:\Users\Admin\Desktop\TestMerge.mp4 738360 C:\Users\Admin\Downloads\ExportConvertFrom.rle 832440 C:\Users\Admin\Downloads\ExportDebug.pptm 769016 C:\Users\Admin\Downloads\GrantClear.aifc 594600 C:\Users\Admin\Desktop\WaitUnprotect.dxf 896580 C:\Users\Admin\Downloads\GrantUninstall.xltx 784872 C:\Users\Admin\Downloads\ImportRequest.cr2 531176 C:\Users\Admin\Downloads\InstallMeasure.easmx 673880 C:\Users\Admin\Downloads\MountRestore.au 642168 C:\Users\Admin\Downloads\MoveClose.dxf 658024 C:\Users\Admin\Downloads\OpenPush.pcx 483608 C:\Users\Admin\Downloads\OutUpdate.M2V 578744 C:\Users\Admin\Pictures\ApproveInstall.tiff 159744 C:\Users\Admin\Pictures\CheckpointWrite.wmf 129024 C:\Users\Admin\Pictures\CopyImport.raw 258048 C:\Users\Admin\Pictures\DebugInstall.jpeg 221184 C:\Users\Admin\Pictures\DenyMerge.eps 245760 C:\Users\Admin\Pictures\DenyUnlock.jpeg 264192 C:\Users\Admin\Pictures\DismountCopy.crw 98304 C:\Users\Admin\Pictures\FindRevoke.tiff 184320 C:\Users\Admin\Pictures\ImportJoin.pcx 276480 C:\Users\Admin\Pictures\MeasureAdd.pcx 147456 C:\Users\Admin\Pictures\PingSwitch.dxf 135168 C:\Users\Admin\Documents\Are.docx 11525 C:\Users\Admin\Documents\ClearUpdate.vstx 788929 C:\Users\Admin\Documents\CompressUndo.csv 314040 C:\Users\Admin\Documents\ConvertToClose.odt 283402 C:\Users\Admin\Documents\DenySelect.dotm 574463 C:\Users\Admin\Documents\DenySuspend.ppt 298721 C:\Users\Admin\Documents\DenyUnregister.xls 651058 C:\Users\Admin\Documents\EnableCompress.odp 804248 C:\Users\Admin\Documents\EnableExpand.vst 513187 C:\Users\Admin\Documents\EnterWait.dot 528506 C:\Users\Admin\Documents\ExitInitialize.odp 742972 C:\Users\Admin\Documents\Files.docx 11551 C:\Users\Admin\Documents\FindShow.pptx 451911 C:\Users\Admin\Documents\JoinDisable.csv 727653 C:\Users\Admin\Documents\MeasureRename.odp 390635 C:\Users\Admin\Documents\MergeDeny.mhtml 605101 C:\Users\Admin\Documents\MergeLock.mpp 758291 C:\Users\Admin\Documents\MountAssert.pdf 819567 C:\Users\Admin\Documents\MountSubmit.ppsm 712334 C:\Users\Admin\Music\ApproveCompare.dib 239616 C:\Users\Admin\Documents\NewDisable.vsdx 329359 C:\Users\Admin\Pictures\PublishSend.svg 122880 C:\Users\Admin\Pictures\ReceivePush.dwg 233472 C:\Users\Admin\Documents\Opened.docx 11538 C:\Users\Admin\Searches\Everywhere.search-ms 248 C:\Users\Admin\Searches\Indexed Locations.search-ms 248 C:\Users\Admin\Documents\PingDismount.vdw 773610 C:\Users\Admin\Music\ApproveRepair.mpg 276480 C:\Users\Admin\Pictures\RenameRegister.dwg 165888 C:\Users\Admin\Downloads\PopMove.mht 562888 C:\Users\Admin\Pictures\RepairWrite.gif 215040 C:\Users\Admin\Pictures\ResolveClose.tiff 208896 C:\Users\Admin\Pictures\ResolveDisconnect.raw 196608 C:\Users\Admin\Downloads\PopUnprotect.rtf 800728 C:\Users\Admin\Pictures\RevokeTest.emf 387072 C:\Users\Admin\Pictures\SaveStep.gif 104448 C:\Users\Admin\Downloads\PublishStop.xsl 895864 C:\Users\Admin\Pictures\ShowLock.png 153600 C:\Users\Admin\Pictures\SuspendPush.eps 251904 C:\Users\Admin\Pictures\UnblockRegister.crw 190464 C:\Users\Admin\Pictures\UninstallClear.tiff 116736 C:\Users\Admin\Downloads\PushLimit.aifc 1221184 C:\Users\Admin\Documents\PublishCompress.mhtml 359997 C:\Users\Admin\Downloads\PushUninstall.pcx 499464 C:\Users\Admin\Downloads\RestartInvoke.js 420184 C:\Users\Admin\Documents\ReadBlock.pps 681696 C:\Users\Admin\Music\AssertExit.7z 331776 C:\Users\Admin\Pictures\UpdateRepair.dwg 239616 C:\Users\Admin\Music\BackupCompare.vstx 368640 C:\Users\Admin\Pictures\WatchUnregister.png 282624 C:\Users\Admin\Downloads\RestartSet.mp4 404328 C:\Users\Admin\Music\ClearEnter.xhtml 322560 C:\Users\Admin\Downloads\RestoreConnect.tif 689736 C:\Users\Admin\Music\CompleteGrant.wvx 423936 C:\Users\Admin\Music\ConfirmConvertTo.jpeg 221184 C:\Users\Admin\Downloads\SearchSubmit.xlsb 356760 C:\Users\Admin\Music\ConvertToRequest.pptx 313344 C:\Users\Admin\Music\CopyDeny.nfo 147456 C:\Users\Admin\Downloads\SuspendExit.mpa 610456 C:\Users\Admin\Music\ExportDismount.zip 230400 C:\Users\Admin\Downloads\SuspendFind.midi 436040 C:\Users\Admin\Music\ExportRestore.mid 387072 C:\Users\Admin\Downloads\SuspendOpen.ppsm 705592 C:\Users\Admin\Music\ImportSplit.htm 580608 C:\Users\Admin\Music\ImportUninstall.001 175104 C:\Users\Admin\Music\InvokePublish.php 202752 C:\Users\Admin\Music\MoveCompress.shtml 304128 C:\Users\Admin\Downloads\SyncResolve.7z 515320 C:\Users\Admin\Documents\Recently.docx 11533 C:\Users\Admin\Documents\RemoveSelect.html 497868 C:\Users\Admin\Downloads\UnregisterSubmit.mpg 816584 C:\Users\Admin\Documents\RenameBlock.vst 697015 C:\Users\Admin\Downloads\UpdateSet.temp 880008 C:\Users\Admin\Documents\RequestSelect.mhtml 467230 C:\Users\Admin\Downloads\WriteUnprotect.vstm 340904 C:\Users\Admin\Documents\ResetRedo.html 589782 C:\Users\Admin\Music\ProtectExit.midi 184320 C:\Users\Admin\Music\PublishStart.xps 211968 C:\Users\Admin\Music\PushClose.eprtx 396288 C:\Users\Admin\Music\ReadJoin.pptx 405504 C:\Users\Admin\Documents\RestoreRepair.vdw 1118078 C:\Users\Admin\Documents\SaveSkip.docm 543825 C:\Users\Admin\Documents\SearchWait.mht 482549 C:\Users\Admin\Documents\ShowLock.rtf 666377 C:\Users\Admin\Documents\ShowUnlock.potx 635739 C:\Users\Admin\Documents\SkipTrace.xls 344678 C:\Users\Admin\Documents\SuspendUndo.vstm 375316 C:\Users\Admin\Music\ReceiveStop.wpl 193536 C:\Users\Admin\Music\ResetUnprotect.png 294912 C:\Users\Admin\Music\SaveCopy.php 340992 C:\Users\Admin\Music\SplitStart.m4v 258048 C:\Users\Admin\Music\SubmitMeasure.wmx 267264 C:\Users\Admin\Music\SuspendAssert.xht 248832 C:\Users\Admin\Music\TraceWait.xlsm 165888 C:\Users\Admin\Documents\These.docx 11462 C:\Users\Admin\Documents\UndoAdd.rtf 620420 C:\Users\Admin\Documents\UseClear.vsx 421273 C:\Users\Admin\Documents\UseTrace.vdx 436592 C:\Recovery\590dd5e2-2d4f-11ec-8202-e2f59334bf81\Winre.wim 169213970 C:\Users\Admin\Favorites\Links for United States\GobiernoUSA.gov.url 134 C:\Users\Admin\Favorites\Links for United States\USA.gov.url 134 C:\Users\Admin\Favorites\Microsoft Websites\IE Add-on site.url 133 C:\Users\Admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url 133 C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv 9699328 C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Home.url 133 C:\Users\Admin\Favorites\Links\Suggested Sites.url 302 C:\Users\Admin\Favorites\Links\Web Slice Gallery.url 226 C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Work.url 133 C:\Users\Admin\Favorites\Microsoft Websites\Microsoft Store.url 134 C:\Users\Admin\Favorites\Windows Live\Get Windows Live.url 133 C:\Users\Admin\Favorites\Windows Live\Windows Live Gallery.url 133 C:\Users\Admin\Favorites\Windows Live\Windows Live Mail.url 133 C:\Users\Admin\Favorites\Windows Live\Windows Live Spaces.url 133 C:\Users\Admin\Favorites\MSN Websites\MSN Autos.url 133 C:\Users\Admin\Favorites\MSN Websites\MSN Entertainment.url 133 C:\Users\Admin\Favorites\MSN Websites\MSN Money.url 133 C:\Users\Admin\Favorites\MSN Websites\MSN Sports.url 133 C:\Users\Admin\Favorites\MSN Websites\MSN.url 133 C:\Users\Admin\Favorites\MSN Websites\MSNBC News.url 133 C:\Users\Public\Videos\Sample Videos\Wildlife.wmv 26246026